Your Privacy and Security
Introduction
This Privacy Notice will help you understand how we collect, use and protect your personal data when you interact with us. Please take a few moments to read the sections below and learn how we may use personal data. You should also show this notice to anyone whose personal data you may disclose to us.
In order to comply with regulations we retain the data in relation to your quote for 12 months from the date of quotation. We retain the data in relation to your insurance contract for seven years after conclusion of the contract you hold with us. Any data which has Employers Liability will be kept for 40 years.
The data controller is Munich Re Specialty Insurance (UK) Limited, Union, 2-10 Albert Square, Manchester, M2 6LW.
Please contact the Data Protection Officer (details below), if you have any questions about this privacy notice or about your Data Subject Rights including:
- Subject Access Request: To request access to your personal data and information around its processing.
- Rectification: To have your personal data corrected if it is inaccurate.
- Restrict Processing: To restrict processing where your personal data is inaccurate or the processing is unlawful.
- Objecting to direct marketing.
- Object to processing based on legitimate interest.
- Data Portability: The transfer of your personal data to another Data Controller.
- Erasure: To have your personal data removed or deleted.
The Data Protection Officer
Munich Re Specialty Insurance (UK) Limited (c/o GJWDirect)
1 Fen Court
London
EC3M 5BN
Email: dataprotection@gjwdirect.co.uk
What Information Do We Collect About You?
We will collect your personal data when:
- You contact us to ask a question.
- You obtain a quotation from us.
- You use our website.
- We process any new policy documentation, renewal documentation, mid-term adjustments and process claims.
- When we provide you with information about our services.
Personal Data
Categories of data |
Types of information processed |
Where the data may come from |
Who we may disclose the data to |
Purpose of processing |
Lawful basis of processing |
Individual information
|
Name. Address. Marital status. Date and place of birth. Nationality. |
Insurance intermediaries or other insurance market participants. You and your family Credit reference agencies (if credit is applied for). Introducers and other marine related organisations |
The insurer. Group companies providing administration. Reinsurers. Credit reference agencies (if credit is applied for). Anti-fraud databases. Introducers and other marine related organisations. |
Setting you up as a client including possible fraud, sanctions, credit and anti- money laundering checks. Evaluating and pricing the risks to be insured and validating any appropriate premium.
|
Performance of our contract with you. |
Categories of data |
Types of information processed |
Where the data may come from |
Who we may disclose the data to |
Purpose of processing |
Lawful basis of processing |
Financial Information |
Premiums and claims paid on your policies. Bank account or payment card details. Income and other financial information. |
Insurance intermediaries or other insurance market participants. You and your family. Credit reference agencies (if credit is applied for). |
The insurer. Group companies providing administration. Credit reference agencies (if credit is applied for). Anti-fraud databases. |
Collecting any appropriate premium. |
Performance of our contract with you. |
Statutory and Anti-Fraud Information |
Credit history, credit score, sanctions and information from anti-fraud databases concerning you. |
Insurance intermediaries or other insurance market participants. You and your family. Credit reference agencies (if credit is applied for). Anti-fraud databases, sanctions lists, court judgements and other government agencies |
The insurer. Group companies providing administration. Credit reference agencies (if credit is applied for). Anti-fraud databases. |
Setting you up as a client including possible fraud, sanctions, credit and anti- money laundering checks. |
Performance of our contract with you. Compliance with a legal obligation. |
Claim Information
|
Information about previous and current claims. |
Insurance intermediaries or other insurance market participants. You and your family. Credit reference agencies (if credit is applied for). Anti-fraud databases, claimants, defendants, witnesses, experts inc. medical experts, loss adjustors, solicitors and claims handlers. |
The insurer. Group companies providing administration. Reinsurers. Credit reference agencies (if credit is applied for). Anti-fraud databases. |
Managing insurance and reinsurance claims. Defending or prosecuting legal claims. Investigating or prosecuting fraud. |
Performance of our contract with you. Processing is necessary for the defence of legal claims. Compliance with a legal obligation. |
Categories of data |
Types of information processed |
Where the data may come from |
Who we may disclose the data to |
Purpose of processing |
Lawful basis of processing |
Email, SMS and Telephone Recordings
|
Name, address, marital status, date and place of birth, nationality, employer, job title, employment history, family details and their relationship to you. |
Where the data comes from You and your family. Credit reference agencies (if credit is applied for). |
The insurer. Group companies providing administration. Reinsurers. Credit reference agencies (if credit is applied for). Anti-fraud databases. |
Setting you up as a client including possible fraud, sanctions, credit and anti- money laundering checks. Evaluating and pricing the risks to be insured and validating any appropriate premium. Prevention of unauthorised use of our telecommunications systems and websites. Quality control and training |
Performance of our contract with you. Compliance with a legal obligation.
|
Special Categories of Personal Data
Categories of data |
Types of information processed |
Where the data may come from |
Who we may disclose the data to |
Purpose of processing |
Lawful basis of processing |
Individual data |
Gender, health information and medical reports. |
Insurance intermediaries or other insurance market participants. You and your family. Credit reference agencies (if credit is applied for). |
The insurer. Group companies providing administration. Reinsurers. Other intermediaries or market participants. Credit reference agencies (if credit is applied for). Anti-fraud databases. |
Evaluating and pricing the risks to be insured and validating any appropriate premium. |
Is necessary for an insurance purpose. Processing is necessary for the defence of legal claims |
Statutory and Anti-Fraud Information
|
Criminal records and convictions. Surveillance reports.
|
You and your family. Credit reference agencies (if credit is applied for). Anti-fraud databases, sanctions lists, court judgements and other government agencies.
|
The insurer. Group companies providing administration. Reinsurers. Other intermediaries or market participants. Credit reference agencies (if credit is applied for). Anti-fraud databases |
Setting you up as a client including possible fraud, sanctions, credit and anti- money laundering checks. |
Processing carried out under the control of official authority |
Non-Personal Data Collected Online
Please see our cookie policy on our website https://www.gjwdirect.com/cookie-policy/
Dealing With Other People
Policy Administration
We will deal with anyone named on the policy. It is not our policy to deal with anyone that is not named on your policy, e.g. your spouse, partner or parent without your written consent. If you would like someone else to deal with your policy on your behalf on a regular basis, please let us know.
If you give us information about another person, in doing so you confirm that they have given you permission to provide it to us to be able to process their personal data (including any special categories of personal data) and that you have told them who we are and what we will use their data for, as set out in this privacy notice.
Marketing
If you have opted into marketing, the lawful basis will be consent.
If you have opted in to receive marketing material from GJW Direct, MyBoat or group companies (which includes any company of whom the ultimate parent company is Munich Re Specialty Global Markets), we will contact you from time to time by telephone, post, e-mail or SMS to keep you informed with news, products or services, including but not limited to boat insurance together with carefully selected offers or promotions which we feel may be of interest to you. Other carefully selected companies may also contact you by post.
If you would like to receive marketing material or you have opted in and want it to stop, please contact us by using the email address insure@gjwdirect.com, Tel: 0151 473 8000 or write to The Data Protection Officer at the above address.
Confidentiality
We treat your personal data as private and confidential.
The disclosures we make have been detailed in the “What information do we collect about you” section above.
We would like to bring to your attention our obligations to disclose information in the following four exceptional cases permitted by law, and the other situations as set out below.
These are:
- Where we are legally compelled to do so;
- Where there is a duty to the public to disclose;
- Where disclosure is required to protect our interest;
- Where disclosure is made at your request or with your consent.
Also, from time to time, we will employ agents and sub-contractors to process your personal data on our behalf. These include IT Software Suppliers and Payment Services Suppliers. The same duty of confidentiality and security will apply to them and all processing will be carried out under our instruction.
When taking out a policy for your narrowboat, it is necessary for us to pass your information to River Canal Rescue (RCR) to enable your contract with them to be fulfilled. Once we have passed your data to RCR, they will become the Data Controller. A copy of RCR's privacy policy can be found at http://www.rivercanalrescue.co.uk/privacy-cookie/
If you make a complaint about the service we have provided, we may be obliged to forward details about your complaint, including your personal data to the relevant Ombudsman, the insurer and to Lloyds.
In the unfortunate event that you have to make a claim, then we will need to disclose information with any other party involved in that claim. This may include:
- Third parties involved with the claim, their insurer, solicitor or representative;
- Medical teams, the police or other investigators and Courts.
Credit Reference
When you apply to open an account with us, we make a number of checks to assess your application for credit and verifying identities to prevent and detect crime and money laundering. To obtain this information, we will check the following records about you and anyone else who may also be insured and whose personal details have been provided as part of the insurance application.
Our own records
Credit Reference Agency (CRA) records. When we search these CRAs, this will place a search footprint on your credit file that may be seen by other lenders. They supply us with both public (including the electoral register), and shared credit and fraud prevention information.
Fraud Prevention Agency (FPA) Records
We make searches about you at credit reference agencies who will supply us with information, including the Electoral Register and credit information. The agencies will record details of the search whether or not your application proceeds. The searches will not be seen or used by lenders to assess your ability to obtain credit. We may use scoring methods to assess this application and to verify your identity. Credit searches and other information which is provided to us and/or the credit reference agencies, about you and those with whom you are linked financially, may be used by other companies if you, or other members of your household, apply for other facilities including insurance applications and claims. This information may also be used for debt tracing and the prevention of money laundering as well as the management of your account. Alternatively, we may ask you to provide physical forms of identification.
We may also make periodic searches at CRAs and FPAs to manage your account with us.
Information on applications will be sent to and recorded by CRAs. When you borrow from us, we will give details of your account(s) and how you manage it/them to CRAs. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs and FPAs to perform similar checks, and to trace your whereabouts and recover debts that you owe. Records remain on file for six years after they are closed, whether settled by you or defaulted.
If you give us false or inaccurate information and we suspect identify fraud, we will record it and may also pass this information to FPAs and other organisations involved in the prevention of crime and fraud.
If you borrow from us and do not make payments that you owe us, we will trace your whereabouts and recover debts.
Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law.
How to Find Out More
This is a condensed guide to the use of your personal data. If you would like to read the full details of how your data may be used please contact the Data Protection Officer at the address above.
You can contact the CRAs currently operating in the UK; the information they hold may not be the same so it is worth contacting them all. They will charge you a small statutory fee.
- Call Credit. Consumer Services Team, One Park Lane, Leeds, LS3 1EP or call 0845 366 0071 or log on to callcredit.co.uk
- Credit File Advice Centre, PO Box 1140, Bradford, BD1 5US or call 0844 335 0550 or log on to www.equifax.co.uk
- Credit Expert, PO Box 7710, Nottingham, NG80 7WE or call 0344 481 0800 or log on to www.experian.co.uk
If necessary, we may also have to investigate your claims and conviction history in the course of administering any claim. You can be assured that we will keep such investigations strictly confidential.
Insurers pass information to the Claims Underwriting and Exchange Register, run by Insurance Database Services (IDS). This helps insurers check information and prevent fraudulent claims. When we deal with your request for insurance we may search these registers. Under the conditions of your policy you must tell us about any incident (such as an accident or theft) which may give rise to a claim. When you tell us about an incident, we will pass information to the registers.
Fraud Prevention and Detection Notice
In order to prevent and detect fraud, insurers may, at any time:
- Share information about you with us and other group companies;
- Pass details to Insurance Hunter, a central insurance application and claims checking system, whereby it may be checked against information held by Insurance Hunter and shared with other insurers.
- If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies.
- Law enforcement agencies may access and use this information.
- We, and other organisations, may also access and use this information to prevent fraud and money laundering, for example when:
- Checking details on applications for credit and credit related or other facilities;
- Managing credit and credit related accounts or facilities;
- Recovering debt;
- Checking details on proposals and claims for all types of insurance.
We and other organisations may access and use, from other countries, the information recorded by fraud prevention agencies.
We may also disclose information about you and your policy to:
- The insurer and other group companies;
- Other insurance companies and third parties in connection with a proposed or actual sale, merger, acquisition, reorganisation, business transfer, financial arrangement, asset disposal, or other corporate or financial transaction relating to our business and/or assets held by our business;
- Where it is necessary to deliver the products and services bought by you, for example, we may disclose your personal data to a credit card company to validate your credit card details and obtain payment. It may also be necessary for us to pass your personal data to the organisation from whom you have ordered any products or services other than your insurance product, such as legal expense provider, etc. At all times we will remain the data controller unless we inform you otherwise.
Information Security
Your privacy is important to us and we follow strict security and organisational procedures in the processing, storage, destruction of your information. This is to prevent unauthorised access or loss of your information.
Transfer of data
We will not transfer your personal data outside the UK or EEA where there is not an adequate level of data protection.
Your personal data may be disclosed to companies within our Group or to Service Providers outside the UK or EEA. However, we ensure that there is an adequate level of data protection in place and adhered to by these parties.
You can find out the details about any other party we have shared your personal data with by contacting the Data Protection Officer at the address provided at the top of this privacy notice.
Privacy Support
We reserve the right to amend or modify this privacy notice at any time and in response to changes in applicable law.
If you are unhappy with any response or have a complaint. You can raise this with:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF