Who does this Privacy Policy apply to?

This Privacy Policy applies to all individuals whose personal information we process, including clients, third parties, those making a claim against any policy of (re)insurance we arrange, as well as our partners, employees and others who work for the Acrisure Re Group in any capacity, in compliance with applicable data privacy laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the Bermuda Personal Information Protection Act (PIPA), and relevant US state laws.

This Privacy Policy describes the way in which we use your personal information and provides details of your rights. It contains important information so please make sure you read it carefully. This Privacy Policy applies whether you interact with the Acrisure Re Group by e-mail, by telephone, in writing, in person or through our online services.

A separate privacy policy governs the way in which our parent company, Acrisure LLC, collects and uses personal information and a copy of this is available at https://www.acrisure.com/privacy-policy/ 

This Privacy Policy should be read in conjunction with the Terms of Business Agreement (“TOBA”) which the Acrisure Re Group has in place with your company.

Types of personal information which we may collect about you:

• Individual details, contact information and other identifiers: name, address, other contact details such as email address, Internet Protocol (IP) address and phone numbers, alias, job title and role, account name, social security or national insurance number (or local equivalent), driver’s license number, passport number, or other similar identifiers.
• Customer/Client records: paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number or any other financial or payment information, medical information, or health insurance information.
• Protected classifications: characteristics of protected classifications such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.
• Commercial Information: including records of real property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
• Usage data: internet or other electronic network activity Information including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
• Employment history: professional or employment-related information.
• Account registration details: Username, passwords.
• Marketing preferences: Opt-in/Opt-out

Where we collect your personal information

We may collect personal information about you when:

• You or your company does business with us
• You register for or use our online services;
• You contact or communicate with us;
• You are employed by or otherwise provide services to us.

In most circumstances the Acrisure Re Group will act as a data controller in respect of your personal information.

How we use and disclose your personal information and our legal basis for doing so

In compliance with applicable data privacy laws the lawful bases we rely on for processing this information include:

A. Contractual obligation: If necessary to enter into or fulfil Acrisure Re Group’s obligations under the contract between us, or otherwise necessary for Acrisure Re Group’s legitimate business needs consistent with the TOBA we have in place with you and in the interest of providing an efficient service to you and your customers:

• Set up an account.
• Maintain that account.
• Allow you to access and make use of the Company’s online services.
• Administer and manage products that you or your clients have with us.
• Manage quotations, enquiries, queries and complaints.
• Carry out necessary background checks to make sure you are a legitimate person to do business with.
• To market our products and services – we will use your personal information to keep you informed about our products and services subject to your marketing preferences.

To make improvements to our operations – we will use your personal information for research and statistical purposes to analyse our website, products and other services so we can improve our understanding of user needs and enhance our products.

• To meet the responsibilities, we have to our regulators, tax officials, law enforcement or otherwise meet our legal responsibilities. We may use personal information to comply with requirements we have under Financial Conduct Authority rules and laws relating to anti-money laundering, financial crime, anti-bribery & corruption and to prevent and detect fraud.
• Where we have obtained appropriate consents from you – to collect or use your personal information for a particular purpose - this will always be explained to you separately when we ask for your consent. If we need your consent to use any specific information, we will make that clear at the time we collect the information from you. You are free to withhold your consent or withdraw it at any time.

B. Legitimate Interest: If necessary for our legitimate business interests including:

• to provide services under the TOBA with you,
• to develop, enhance and promote the products and services we provide;
• to correspond with you, notify you of events or changes to our services, or otherwise respond to your queries and requests for information;
• to protect and defend our legal rights and interests and those of third parties.

C. Legal obligation: If necessary for compliance with the Acrisure Re

Group’s legal responsibilities and obligations to comply with applicable laws and regulations, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the Bermuda Personal Information Protection Act (PIPA), and relevant US state laws.

D. Consent: You have provided the Company with your consent.

Use of third-party information

We may obtain information about you from third party service providers and databases for assurance purposes. Below are typical third-party service providers from whom we may obtain information about you to help us provide our services:

• IT / Software hosting - service providers such as entities providing customer service, email delivery, auditing, hosting our Websites and other services.
• Events hosting – providers involved in arranging events that you register for, to facilitate your participation in those events. KYC / Due diligence – third parties who provide KYC, due diligence services as part of client verification requirements.
• Financial reporting and verification - To do business we may obtain a financial report to understand and verify your financial position, capitalization, bankruptcy, solvency and overall financial resilience.

Disclosing and sharing your information

If you request a quote, or purchase a product on behalf of your client, information about you and your company may be shared with and processed by third party service providers who help us facilitate the administration of our business. We enter contracts with those service providers to make sure they protect you and your customers’ personal information using appropriate security measures. Below is a list of service providers that may have access to personal information to help us to provide our products and services:

• Administrative Support – The Acrisure Re Group employs third party service providers to manage inbound and outbound correspondence (i.e., scanning, referencing post, cheque processing, printing and postal services) and other administrative tasks.
• Broker Management support – Contracted companies who license their broker support systems and software to help support and facilitate our business and enable the provision of your services.
• Document Management - Document storage and document destruction.
• Fraud Prevention Organizations - We share data with fraud prevention organizations to meet our regulatory requirements and to protect the Company, our clients, policyholders and claimants.
• IT and Related Providers - Software licenses/subscriptions, outsourced infrastructure support, insurance systems, payment platform providers, telephony infrastructure and recordings.
• Out of Hours Suppliers - These are contracted parties to handle claims notification and indemnity enquiries outside of the Company’s normal operating hours. They may have limited remote access to the Company’s systems.
• Professional Advisers - Legal advisers, accountants, auditors, tax advisors, cyber security experts, project managers and other professional advisers.

We may also share information about you with:

• our regulators and law enforcement bodies as necessary for purposes of fraud prevention and detection and legal or regulatory requirements.
• our clients if they have queries about the services between you, them and us.

Marketing and Cookies

To protect your privacy rights and your choice and control over the use of your personal information, we will always allow you the opportunity to opt out of marketing communications when you register your contact information with us. In addition, you can always opt out of receiving direct marketing by using the unsubscribe links you will find on our marketing emails.

We rely on third-party advertising technology (such as the deployment of cookies or small text files on our website) to collect information about you, which is used to optimise what you may see on our websites and deliver content when you are browsing elsewhere. We may also collect information about your use of other websites. We do this to provide you with advertising that we believe may be relevant for you, as well as to improve our own products and services.

Fraud Prevention and Detection

To prevent and detect fraud we may at any time:

• Share information about you with other organizations and public bodies including the Police and other law enforcement agencies.
• Undertake credit searches and additional fraud searches.
• Check and/or file your details with fraud prevention agencies and databases, and if you give us false or inaccurate information and we suspect fraud, we will record this to prevent fraud and money laundering.

We can supply, on request, further details of the agencies and databases we access or contribute to and how this information may be used.

We and other organizations may also search these agencies and databases to:

• Help make decisions about the provision and administration of insurance, credit and related services.
• Trace debtors or beneficiaries, recover debt, prevent fraud.
• Check your identity to prevent money laundering unless you furnish us with other satisfactory proof of identity.

Any requests for information we receive from law enforcement bodies or regulators will be carefully validated before any personal information is disclosed.

International Transfers

Some of the organizations we share information with may be located outside of the European Economic Area ("EEA") and/or Bermuda. We will always take steps to ensure that any transfer of information outside the EEA and/or Bermuda is carefully managed to protect your privacy rights. We will only transfer personal information to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.

Where we transfer your data to third party service providers, we will obtain contractual commitments and assurances from them to protect your personal information. Where applicable, these assurances include the standard contractual clauses approved by the European Commission and recognized certification schemes.

Retention

We will keep your personal data only for as long as is necessary for the purpose for which it was collected. Where we are required to keep your information for legal or regulatory purposes, we have various retention periods for different types of information and records. If you would like more information about this, please contact us at the address shown below.

Your Rights

You have rights under the applicable data privacy laws including the right to access the information we hold about you, to receive a copy of that information (subject to any legal restrictions that may apply), to have the information corrected if it is inaccurate, and to have it updated if it is incomplete.

We may ask for proof of your identity before we can respond to your request.

You have the right to opt out of receiving marketing at any time. You can use the unsubscribe option that is included in all our marketing emails or contact us using the details given below.

In certain circumstances you may also have the following rights:

• The right to have your data deleted.
• The right to restrict or object to the processing of your personal data.
• Where you have provided personal data voluntarily, or otherwise consented to its use, the right to withdraw your consent.
• The right to receive a copy of the personal information which you have provided to us, in a structured, commonly used and machine-readable format or to request that we transfer that information to another party (known as “data portability”).

If you wish to exercise any of your rights, please contact us at the address below. A copy of our Data Protection Policy is available on request.

Changes to this Privacy Policy

We may amend this Privacy Policy from time to time, for example to keep it up to date or to comply with legal requirements. You should regularly check this Privacy Policy for updates. If there will be any significant changes made to the use of your personal information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our website.

Contact us

If you have any questions about this Privacy Policy or how to exercise your rights please write to:

Name: F.A.O. Global Head of Risk & Compliance
Address: 9th Floor, 40 Leadenhall Street, London, EC3A 2BJ, UK
Phone Number: +44 (0) 2045850420
E-mail: [email protected]

Your right to complain

If you are not satisfied with our use of your personal information, you have a right to make a complaint to your local data protection supervisory authority at any time.

In the UK this is the Information Commissioners Office. (www.ico.org.uk)

We ask that you please attempt to resolve any issues with us before contacting the ICO.

Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow Cheshire
SK9 5AF

Tel: 0303 123 1113
Email: [email protected]

Bermuda

If you believe that our processing of your personal information does not comply with the Personal Information Protection Act 2016 in Bermuda, you have the right to lodge a complaint with the supervisory authority:

Office of the Privacy Commissioner for Bermuda (PrivCom)

Address:
Privacy Commissioner
P.O.Box HM 3130
Hamilton
Bermuda
Tel: +1(441)5437748
Email: [email protected]