GDPR Privacy Notice
APC London Market Ltd (and other members of our corporate group) believe in protecting the personal information that you provide us with. The privacy and security of your personal data is very important to us and we want to assure you that your personal data will be properly managed and protected.
This notice is designed to help you understand how we process your personal data through the Insurance Lifecycle. It is important that you read this notice.
This notice may be updated from time: this version is dated 01/06/2022 but historic versions are available on request.
Insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, insurers and reinsurers. The London Insurance Market has produced a Core Uses Information Notice which sets out those core necessary personal data uses and disclosures throughout the Insurance Lifecycle, and in particular sets out how other insurance market participants process your personal data.
Our core uses and disclosures are consistent with the London Market Core Uses Information Notice. In addition to reviewing our information notice, we recommend you review the London Insurance Market Core Uses Information Notice. Please follow the below link to The London Insurance Market Core Uses Information Notice at www.lmalloyds.com:
Please note that we do not control the London Market Association (LMA) website and are not responsible for the London Insurance Market Core Uses Information Notice.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our data protection contact using the details set out below:
APC London Market Ltd
Suite 108, 150 Minories
- Insurance Lifecycle
- Flow of personal data through insurance lifecycle
- The data we may collect about you (your personal data)
- Where we might collect your personal data from
- Legal grounds we rely on to process your personal data
- Purposes, categories, legal grounds and recipients of our processing your personal data
- Identities of data controllers and data protection contacts
- Consent to process your personal data
- Retention of your personal data
- International transfers
- Your rights and contact details of the ICO
- Your right to complain to the ICO
Please see below a glossary of key insurance and data protection terms used in this notice for your ease. These defined words are shown in bold throughout this notice:
Beneficiary means an individual or a company that an insurance policy states may receive payment under the insurance policy if an insured event occurs. A beneficiary does not have to be the insured/policyholder and there may be more than one beneficiary under an insurance policy.
Claimant means either a beneficiary who is making a claim under an insurance policy or an individual or a company who is making a claim against a beneficiary where that claim is covered by the insurance policy.
Claims processing means the process of handling a claim that is made under an insurance policy.
Data controller(s) means an entity which collects and holds personal data. It decides what personal data it collects about you and how that personal data is used. Any of the insurance market participants when using your personal data for the purposes set out in “Purposes, categories, legal grounds and recipients of our processing your personal data” on page 7 of this Notice could be data controllers.
Data protection contact means the person named by the relevant insurance market participant who you should contact if you have any queries or requests regarding your personal data or how we are using it. In many cases (although not all), this person will the Data Protection Officer of the relevant insurance market participant.
GDPR means the EU General Data Protection Regulation and the new UK Data Protection Act, which replaces the UK Data Protection Act 1998 from 25th May 2018.
Inception means the start date of the insurance policy.
Information Commissioner’s Office (ICO) means the regulator (or National Competent Authority/Data Protection Authority) for data protection matters in the UK.
Insurance means the pooling and transfer of risk in order to provide financial protection against a possible eventuality. There are many types of insurance.
Insurance policy(ies) means a contract of insurance between the insurer and the insured/policyholder.
Insurance market participant(s) or participant(s) means an insurer or reinsurer.
Insured(s)/policyholder(s) means the individual or company in whose name the insurance policy is issued.
Insurer(s)/underwriter(s) means a company who provide insurance cover to insured/policyholder in return for premium. An insurer may also be a reinsurer.
Lloyd’s means a specialist insurance market place where insurance policies are underwritten.
Policy administration means the process of administering and managing an insurance policy following its inception.
Personal data means any data from which you can be identified and which relates to you. It may include data about any claims you make. Personal data does not include any data where the identity of a natural person has been removed (anonymous data).
Processing of personal data means collecting, using, storing, disclosing or erasing your personal data.
Premium means the amount of money to be paid by the insured/policyholder to the insurer/underwriter for the insurance policy.
Quotation means the process of providing a quote to a potential insured/policyholder for an insurance policy.
Reinsurance means insurance purchased by an insurer from a reinsurer.
Reinsurer(s) means a company who provide insurance cover to another insurer/underwriter or reinsurer.
Renewal means the process of the insurer under an insurance policy providing a quotation to the insured/policyholder for a new insurance policy to replace the existing one on its’ expiry.
We, us, our means APC London Market Ltd.
You or your means the individual whose personal data may be processed by an insurance market participant. You may be the insured/policyholder, beneficiary, claimant or other person involved in a claim or relevant to an insurance policy.
In order for us to obtain insurance quotations, administer insurance policies and/or deal with any claims or complaints, we need to collect and process personal data about you. Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the services we have provided or are trying to provide to you (for example, to obtain insurance for you).
We also collect, use and share aggregated data such as statistical or demographic data for our legitimate business interests. Aggregated data may be derived from your personal data but does not reveal your identity. However, any data which can identify you will be treated as personal data and used in accordance with this privacy notice.
Where we might collect your personal data from
We might collect your personal data from various sources depending on your particular circumstances including;
- Your family members, employer, insurance broker or representative;
- Other insurance market participants;
- Credit reference agencies;
- Anti-fraud databases, sanction lists, court judgements and other databases;
- Government agencies such as DVLA and HMRC;
- Open electoral register;
- Data held in the public domain
- In the event of a claim:
Legal grounds we rely on to process your personal data
Please note that in addition to the disclosures we have identified against each purpose, we may also disclose personal data for those purposes to our service providers, agents and group companies that perform activities relating to your insurance on our behalf.
Please be aware that we may process your personal data on the basis of more than one legal ground depending on the specific purpose for which we are using your personal data. Please contact our data protection contact if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table above.
Identities of data controllers and data protection contacts
The Insurance Lifecycle involves the sharing of your personal data between us and other insurance market participants, some of which you will not have direct contact with. In addition, your personal data may not have been collected directly by an insurance market participant.
You can find out the identity of the initial data controller of your personal data within the Insurance Lifecycle in the following ways:
- Where you took out the insurance policy yourself
The insurer/underwriter and, if purchased through an intermediary, the intermediary will be the initial data controller and their data protection contact can advise you on the identities of other insurance market participants that they have passed your personal data to.
- Where your employer or another organisation took out the insurance policy for your benefit
You should contact your employer or the organisation that took out the insurance policy. Your employer or other organisation should provide you with details of the insurer/underwriter or intermediary that they provided your personal data to. You should then contact the insurer’s/underwriter’s data protection contact who can advise you on the identities of other insurance market participants that they have passed your personal data to.
- Where you are not a policyholder or an insured
You should contact the organisation that collected your personal data who should provide you with details of the relevant insurance market participant’s data protection contact.
Consent to process your personal data
In order to provide insurance quotations and deal with insurance policy administration (including claims assistance), we and other insurance market participants may need to process your special categories of personal data, such as medical and criminal conviction records, as set out above against the relevant purpose.
Your consent to this processing may be necessary for us and the insurance market participants to achieve this.
You may withdraw your consent to such processing at any time. However, if you withdraw your consent this will impact our ability to provide our services to you.
Marketing communications from us
We may use your individual details and policy information to evaluate the products and services which we think will be of interest and relevant to you.
Unless you have told us not to, you may receive marketing communications from us if you have requested information from us or purchased services from us. Such marketing communications may include risk or insurance related information or details of products or services which we think, may be of interest to you.
Third party marketing
You can ask us or third parties to stop sending you marketing communications at any time by contacting our data protection contact at email@example.com.
Retention of your personal data
We will keep your personal data including aggregated data for so long as is necessary and for our legitimate business interests (e.g. transferring books of business). In addition, for so long as there is any possibility that either you or we may wish to bring a legal claim under this insurance, or where we are required to retain your personal data due to legal or regulatory reasons.
We may need to transfer your personal data to insurance market participants or their affiliates or sub-contractors which are located outside of the European Economic Area (EEA). Those transfers would always be made in compliance with the GDPR.
If you would like further details of how your personal data would be protected if transferred outside of the EEA, please contact the data protection contact of the relevant insurance market participant.
Your rights and contact details of the ICO
If you have any questions in relation to our use of your personal data, you should first contact the data protection contact of the relevant insurance market participant. Under certain conditions, you may have the right to require us to:
- provide you with further details on the use we make of your personal data including special categories of data;
- provide you with a copy of the personal data including special category data that you have provided to us;
- update any inaccuracies in the personal data including special category data we hold;
- delete any personal data including special category data that we no longer have a lawful ground to use;
- where processing is based on consent, to withdraw your consent so that we stop that particular processing;
- object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
- restrict how we use your personal data whilst a complaint is being investigated.
In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest e.g. the detection and prevention of crime and our interests e.g. the maintenance of legal privilege.
Your right to complain to the ICO
If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights above, or if you think we have breached the GDPR then you have the right to complain to the ICO.
Please see below contact details of the ICO: