Privacy Policy - Ortac Underwriting

Ortac Underwriting Agency Limited (ORTAC) is committed to ensuring your privacy is protected. This Privacy Policy sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this Privacy Policy carefully. When using our website, this Privacy Policy should be read alongside the website terms and conditions.

1. About us
2. How the insurance market works
3. Who do we collect information about?
4. When do we collect personal information?
5. What personal information do we collect and use?
6. How do we collect your information?
7. What are the purposes for which your information is used?
8. Who do we share your information with?
9. Automated decision making
10. What marketing activities do we carry out?
11. How long do we keep personal information for?
12. Your rights
13. How we protect your information
14. Contacting us
15. Updates to this Privacy Policy
16. Further Information

1. About us
In this Privacy Policy references to “we" or “us" or “ORTAC" are to ORTAC Underwriting Limited. References to you” and “your” also means, where appropriate, your broker, agent or intermediary.

We are the data controller of your personal information that we collect about you. This means that we are responsible for complying with data protection laws. This Privacy Policy describes what personal information we may collect about you, why we use your personal information and more generally the practices we maintain and ways in which we use and protect your personal information.

We have appointed a data protection co-ordinator (DPC) to oversee our handling of personal information. If you have any questions about how we collect, store or use your information, you can contact our data protection co-ordinator using the details set out in section 14.

2. How the insurance market works?
Insurance is the pooling and sharing of risk in order to provide protection against a possible eventuality. In order to do this, information, including your personal data, needs to be shared with various insurance market participants, such as intermediaries (including Managing General Agents such as ORTAC), insurers and reinsurers. The London Insurance Market Core Uses Information Notice (see link below) sets out those core necessary personal data uses and disclosures. Our core uses and disclosures are consistent with the London Market Core Uses Information Notice. We recommend you review this notice. (http://lma.informz.ca/LMA/data/images/Bulletin%20att/LMA17_038_MS_att1_information_notice.pdf)

This Privacy Policy is designed to help you understand how we, as an insurance manager, process your personal data through the insurance lifecycle.

3. Who do we collect information about?
We may collect information about:
1. Past, present and potential future policyholders
2. 3rd party claimants, witnesses and experts instructed in relation to claims
3. Business associates at our capacity providers, (sub) coverholders and other suppliers

4. When do we collect personal information?
We may collect information about you:
1. When you apply for, purchase a new policy, or renew a policy (or a policy under which you are insured is taken out or renewed) through one of our intermediary partners.
2. After a claim under a policy possibly through a 3rd party.
3. If you contact us for any reason.
4. From publicly available sources like credit rating databases and government databases for socio-demographic information

5. What personal information do we collect and use?
Information is collected and processed in order for us to provide insurance quotes, policies and deal with any claims or complaints. The personal information that we collect will depend on your relationship with us e.g. policyholder, claimant, broker or other third party.

Please note, in certain circumstances we may request and/or receive ‘sensitive’ data, also known as ‘special categories’ of personal information about you. For example we may need access to details of any unspent criminal convictions for the purposes of preventing, detecting and investigating fraud.

5.1 Personal information may include
• General information: name, address, address of the property or business being insured, contact details, date of birth, gender, family and relationship information and nationality
• Information about your job: job description/title, employment history and experience, education and professional qualifications
• Information relevant to your insurance policy: Dependent on the policy type but might include details of your property or business activities
• Information relevant to your claim or your association in the matter giving rise to a claim
• Information relating to past policies or claims
• Financial information: bank details, credit card and payment details, bankruptcy and company directorship information and information from credit check searches and checks and searches carried out by third parties such as a credit provider.
• Information obtained through our use of cookies. See our Cookies Policy on the ORTAC website
• Information captured during our telephone calls
• IP address
• Device ID information

5.2 Sensitive personal information
• Information relating to criminal history (including offences and alleged offences and any caution, court sentence or criminal conviction) and medical information which are required to provide insurance services and may include information on minors in relation to claims.

6. How do we collect your information?
We may collect personal information from a number of different sources, including but not limited to:
• Directly from you or from someone else on your behalf
• From other third parties involved in your insurance policy or claim such as your insurer, another broker or (sub) coverholder, claimants, defendants or witnesses
• From other third parties who provide a service in relation to your insurance policy or claim such as loss adjusters, claims handlers and other service providers
• From claims services providers
• Through publicly available sources such as the Internet and social media sites
• From credit reference agencies
• Through insurance industry fraud prevention and detection databases and sanctions screening tools
• From government agencies such as the tax authorities and from professional regulators

7. What are the purposes for which your information is used?
We may process your personal information for a number of different purposes. For each purpose we must have a legal ground for such processing. When the information that we process is classed as sensitive personal information, we must have an additional legal ground for such processing. Broadly, we will rely on the following legal grounds:

• Where the processing is necessary for our provision of your insurance policy and services for activities such as assessing your application, managing your insurance policy, handling claims and providing other services to you
• Where we have an appropriate business need such as maintaining our business records or developing and improving our products and services, and data analysis where such business need does not harm your interests.
• Where we have a legal or regulatory obligation to use such personal information.
• Where the use is necessary to establish, exercise or defend our legal rights.
• Where you have provided your consent to our use of your personal information

You will find details of our legal grounds for each of our processing purposes below.

7.1 To facilitate your becoming a policyholder, including carrying out fraud, credit, anti-money laundering and terrorist financing checks Legal grounds:
This processing is necessary for providing and administering your insurance contract

Additional legal grounds for processing sensitive personal information:
• On the basis that we are an INSURANCE MANAGER, in certain circumstances, we may have different legal grounds in relation to processing sensitive data than other non-insurance related firms
• There are, however, a number of safeguards. The most important is that the processing must be “necessary” for the insurance process
• In addition, it must also be necessary for reasons of substantial public interest (e.g. because it is necessary for the purposes of preventing fraud, sanctions screening

7.2 To evaluate your insurance application and provide a quote
Legal grounds:
• Us having an appropriate business need to use your information which does not harm your interests
• This processing is necessary for our providing your insurance contract

7.3 To conduct underwriting/claims analysis

Legal grounds:
• Us having an appropriate business need to use your information which does not harm your interests

7.4 General administration of policies

Legal grounds:
• Us having an appropriate business need to use your information which does not harm your interests
• This processing is necessary for providing your insurance contract.

7.5 Claims data processing

Legal grounds:
• Us having an appropriate business need to use your information which does not harm your interests
• This processing is necessary for providing your insurance contract.

7.6 Prevention, detection of and investigating and prosecuting fraud. This might include sharing your personal information with third parties such as the police, and other insurance and financial services providers.

Legal grounds:
• This processing is necessary for providing your insurance contract
• Us having an appropriate business need to use your information which does not harm your interests

Additional legal grounds for processing sensitive personal information:
• If required, we have asked and you have provided your explicit consent. It might be that we need your consent for this activity in order to provide you with cover under the policy, but we will make this clear when we ask for your consent
• The use is necessary for reasons of substantial public interest (i.e. because it is necessary for the purposes of preventing fraud)

7.7 Handling complaints (including communicating with you and resolving any complaints that you might have)

Legal grounds:
• This processing is necessary for providing your insurance contract
• Us having an appropriate business need to use your information which does not harm your interests

7.8 Legal or regulatory compliance

Legal grounds:
• The use is necessary in order for us to comply with our legal obligations

7.9 Provision of improved quality, training and security

Legal grounds:
• Us having an appropriate business need to use your information which does not harm your interests

7.10 Conducting our business operations such as maintaining accounting records, analysis of financial results, internal and external audit requirements, receiving professional advice (e.g. tax or legal advice)

Legal grounds:
• Us having an appropriate business need to use your information which does not harm your interests

7.11 Monitoring applications, reviewing, assessing, tailoring and improving our products and services and similar products and services offered by ORTAC

Legal grounds:
• Us having an appropriate business need to use your information which does not harm your interests

7.12 Offering and facilitating renewal on the expiry of your policy

Legal grounds:
• Us having an appropriate business need to use your information which does not harm your interests

7.13 Ensuring information from our website is clearly and effectively presented

Legal grounds:
• Us having an appropriate business need to use your information which does not harm your interests

7.14 Investigating or detecting unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems

Legal grounds:
• Us having an appropriate business need to use your information which does not harm your interests

7.15 Other purposes outside of the insurance lifecycle but necessary for the provision of insurance throughout the insurance lifecycle period (including, among other things, general risk modelling, transferring books of business, any change in ownership of the company (whether in whole or part) and re-organisations

Legal grounds:
• Us having an appropriate business need to use your information which does not cause harm to your interests

8. Who do we share your information with?
From time to time, we may share your personal information within ORTAC, or with third parties. If you would like further information regarding the disclosures of your personal information, please see section 14 below for our contact details.

8.1 Disclosures to third parties
We also disclose your information to the third parties listed below for the purposes described in this Privacy Policy. These might include:

• our insurance partners such as other insurance intermediaries, insurers, reinsurers, introducers or other companies who act as insurance distributors
• insurance reference bureaux
• other third parties who assist in the administration of insurance policies such as loss adjusters, claims handlers, accountants, auditors, lawyers and other experts
• fraud detection agencies and other third parties who operate and maintain fraud detection registers
• our regulators
• the police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime
• other insurers who provide our own insurance
• industry bodies
• credit reference agencies
• online search engines
• our third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, payment processing agencies, document management providers, data processors and tax advisers
• third parties who undertake analysis for the purposes of product improvement
• Selected third parties in connection with the sale, transfer or disposal of our business. We will ensure that such third parties have the appropriate technical and organisational measures in place to safeguard your data

8.2 International transfers
We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area (EEA). If you would like further information regarding the steps we take to safeguard your personal information, please contact us using the details set out in section 14.

9. Automated decision making
Will decisions about you be made by automated means (including profiling)? Please note that personal information, including sensitive personal information, may be used in the context of facilitating certain types of policies. This involves automated decision making to determine what the cost and the terms of the policy are.

10. What marketing activities do we carry out?
ORTAC do not carry out marketing activities.

11. How long do we keep personal information for?
We will only keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under the insurance policy, or where we are required to keep your personal data due to legal or regulatory reasons. If you would like further information regarding the periods for which your personal information will be stored, please see section 14 below for our contact details.

12. Your rights
Under data protection law you have certain legal rights in relation to the personal information that we hold about you. You may exercise these rights at any time by contacting us using the details set out in section 14.

Please note:
• In some cases we may not be able to comply with your request (e.g. we might not be able to delete your data) for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can’t comply with your request, we will tell you why
• In some circumstances exercising some of these rights (including the right to erasure, the right to restriction of processing and the right to withdraw consent) will mean we are unable to continue providing you with cover under the policy and may therefore result in the cancellation of the policy.

Your rights include:

• The right to access your personal information
You are entitled to a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for dealing with these requests. Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.

• The right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.

• The right to erasure (also known as ‘the right to be forgotten’)
In certain circumstances, you have the right to ask us to erase your personal information. Examples would include where the data is no longer required for the original purpose, consent has been withdrawn and there no overriding ground for continuing the processing, or for compliance with the national law.

• The right to restriction or suspension of processing
In certain circumstances, such as a question over its accuracy, you are entitled to ask us to stop using your personal information or to suspend its use.

• The right to data portability
In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice.

• The right to object to marketing
You can ask us to stop sending you marketing messages at any time.

• The right not to be subject to automated decision-making (including profiling)
You have a right not to be subject to a decision based solely on automated means.

• The right to object to processing
For certain uses of your personal information, we will ask for your consent. This consent can take the form of an action or affirmative instruction. Where we do this, you have the right to withdraw your consent to further use of your personal information. In other circumstances we may process your data using legitimate interest, and again you have the right to
withdraw this right of processing, unless it is necessary in connection with our legal rights.

Please note that in the event that you withdraw your permission for us to use all of your personal data, we may be unable to continue providing you with insurance cover under the policy and this may therefore result in the cancellation of the policy. You will therefore lose the right to bring any claim or receive any benefit under the policy. Your policy terms and conditions set out what will happen in the event your policy is cancelled.

• The right to lodge a complaint with the DPC
We would hope that you will always raise any issues with us first, and that we will be able to resolve them to your satisfaction. However, if this isn’t possible then you always have a right to complain directly to The Office of the Data Protection Commissioner (DPC) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations.

ORTAC is registered under The Data Protection (Bailiwick of Guernsey) Law, 2017 under reference 11199.

Please see below for contact details of the DPC:
The Office of the Data Protection Commissioner
St Martin’s House
Le Bordage
St Peter Port
Guernsey
GY1 1BR
Tel: +44 (0)1481 742074
Email: enquiries@odpc.gg
Making a complaint will not affect any other legal rights or remedies that you have.

13. How we protect your information
We use a range of organisational and technical security measures to protect your information. This includes but is not limited to, staff training, processes and procedures regarding physical and digital security, anti-virus software and unauthorized network access alerts from our IT provider

14. Contacting us
If you have any questions about how we collect, store or use your personal information, you may contact our data protection co-ordinator at:

Ortac Underwriting Agency Limited
Suite 2,
Grange Place,
St Peter Port,
Guernsey,
GY1 2QA
Email: dataprotection@ortacunderwriting.com
Telephone: +44 (0)1481 715000

15. Updates to this Privacy Policy
From time to time we will make changes to this Privacy Policy, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. You should check our website periodically to view the most up-to-date Privacy Policy. This Privacy Policy was last updated on 9th January 2019

16. Further Information
For further information on how insurance market participants process personal data throughout the insurance lifecycle, please visit: https://www.londonmarketgroup.co.uk/gdpr