W Denis Insurance Brokers Plc (W Denis), strives to protect the privacy and the confidentiality of Personal Data that the company processes in connection with the services it provides to clients. W Denis’ services consist primarily of risk consulting and insurance broking, which enable the consideration of, access to, administration of, and making of claims on, insurance.
To arrange insurance cover and handle insurance claims, W Denis and other participants in the insurance industry are required to use and share Personal Data. For an overview of how and why the insurance industry is required to use and share Personal Data please see the Insurance Market Core Uses Information Notice hosted on the website of a UK insurance industry association, the Lloyd’s Market Association (the LMA Notice). W Denis’ use of Personal Data is consistent with the LMA Notice.
During the insurance lifecycle W Denis will receive Personal Data relating to potential or actual policyholders, beneficiaries under a policy, their family members, claimants and other parties involved in a claim. Therefore references to “individuals” in this notice include any living person from the preceding list, whose Personal Data W Denis receives in connection with the services it provides under its engagements with its clients. This notice sets out W Denis’ uses of this personal data and the disclosures it makes to other insurance market participants and other third parties.
Identity of Controller and Contact Details
W Denis Insurance Brokers Plc of Brigade House, 86 Kirkstall Road, Leeds LS3 1LQ (W Denis or We) is the controller in respect of the Personal Data it receives in connection with the services provided under the relevant engagement with its client.
Personal Information that We Process
We collect and process the following Personal Data:
Individual details
Name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant.
Identification details
Identification numbers issued by government bodies or agencies (e.g. depending on the country you are in, social security or national insurance number, passport number, ID number, tax identification number, driver’s license number).
Financial information
Payment card number, bank account number and account details, income and other financial information. Insured risk
Information about the insured risk, which contains Personal Data and may include, only to the extent relevant to the risk being insured:
- Health data – current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information, medical history;
- Criminal records data – criminal convictions, including driving offences; and
- Other Special Categories of Personal Data – racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning an individual’s sex life or sexual orientation.
Policy information
Information about the quotes individuals receive and the policies they obtain.
Credit and anti-fraud data
Credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
Previous claims
Information about previous claims, which may include health data, criminal records data and other Special Categories of Personal Data (as described in the Insured Risk definition above).
Current claims
Information about current claims, which may include health data, criminal records data and other Special Categories of Personal Data (as described in the Insured Risk definition above).
Marketing
Whether or not the individual has consented to receive marketing from us and/or from third parties. Website
Details from visits to websites
Where we collect such information directly from individuals, we will inform them of whether the information is required and the consequences of not providing it on the relevant form.
Sources of Personal Data
We collect and receive Personal Data from various sources, including (depending on the service provided and country you are in):
- Individuals and their family members, online or by telephone, or in written correspondence
- Individuals’ employers or trade or professional associations of which they are a member
- In the event of a claim, third parties including the other party to the claim (claimant/ defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers
- Other insurance market participants, such as insurers, reinsurers and other intermediaries
- Credit reference agencies
- Anti-fraud databases and other third party databases, including sanctions lists
- Government agencies, such as vehicle registration authorities and tax authorities
- Claim forms
- Open electoral registers and other publicly available information
- Business information and research tools
- Third parties who introduce business to us
How We use and Disclose Your Personal Data
In this section, we set out the purposes for which we use Personal Data, explain how we share the information, and identify the “legal grounds” on which we rely to process the information.
These “legal grounds” are set out in the General Data Protection Regulation (the GDPR), which allows companies to process Personal Data only when the processing is permitted by the specific “legal grounds” set out in the GDPR.
|
Purpose of Processing |
Legal grounds |
Disclosures |
|
Quotation/Inception |
||
|
Establishing a client relationship, including fraud, anti-money laundering and sanctions checks |
• Performance of our contract with the individual (if he/she is the client) • Compliance with a legal obligation • Legitimate interests of W Denis (to ensure that the client is within our acceptable risk profile and to assist with the prevention of crime and fraud) For processing special categories of Personal Data (e.g. health information) and criminal records data: • Consent • Substantial public interest |
• Anti-fraud databases |
|
Checking credit where we are taking any credit risk |
• Legitimate interests of W Denis (to ensure that the client is within our acceptable risk profile and to assist with the prevention of crime and fraud) |
• Credit reference agencies |
|
Evaluating the risks to be covered and matching to appropriate insurer, policy and premium |
• Performance of our contract with the individual (if he/she is the client) • Legitimate interests of W Denis (to determine the likely risk profile and appropriate insurer and insurance product) For processing special categories of Personal Data (e.g. health information) and criminal records data: • Consent • Substantial public interest |
• Insurers • Insurance intermediaries such as brokers and aggregators |
|
Policy Administration |
||
|
General client care, including communicating with clients |
• Performance of our contract with the individual (if he/she is the client) • Legitimate interests of W Denis (to correspond with clients, beneficiaries and claimants in order to facilitate the placing of and claims under insurance policies) For processing special categories of Personal Data (e.g. health information) and criminal records data: • Consent • Substantial public interest |
• Insurers |
|
Collection or refunding of premiums, paying on claims, processing and facilitating other payments |
• Performance of our contract with the individual (if he/she is the client) • Legitimate interests of W Denis (to recover debts due to us) |
• Insurers • Banks • Debt recovery providers |
|
Facilitating premium finance arrangements |
• Performance of our contract with the individual (if he/she is the client) • Legitimate interests of W Denis (ensuring our clients are able to meet their financial obligations) |
• Premium Finance Providers • Banks |
|
Purpose of Processing |
Legal grounds |
Disclosures |
|
Claims processing |
||
|
Managing insurance claims |
• Performance of our contract with the individual (if he/she is the client) • Legitimate interests of W Denis (to assist our clients in assessing and making claims) For processing special categories of Personal Data (e.g. health information) and criminal records data: • Consent • Substantial public interest |
• Insurers • Claims handlers • Lawyers • Loss adjusters • Experts • Third parties involved in handling or otherwise addressing the claim |
|
Defending or prosecuting legal claims |
• Performance of our contract with the individual (if he/she is the client) • Legitimate interests of W Denis (to assist our client in assessing and making claims) For processing special categories of Personal Data (e.g. health information) and criminal records data: • To establish, defend or prosecute legal claims |
• Insurers • Claims handlers • Lawyers • Loss adjusters • Experts • Third parties involved in handling or otherwise addressing the claim, such as health care professionals |
|
Investigating and prosecuting fraud |
• Performance of our contract with the individual (if he/she is the client) • Legitimate interests of W Denis (to assist with the prevention and detection of fraud) For processing special categories of Personal Data (e.g. health information) and criminal records data: • To establish, defend or prosecute legal claims • Consent • Substantial public interest |
• Insurers • Lawyers • Police • Experts • Other insurers • Anti-fraud databases • Third parties involved in the investigation or prosecution, such as private investigators |
|
Renewals |
||
|
Contacting clients in order to arrange the renewal of the insurance policy |
• Performance of our contract with the individual (if he/she is the client) • Legitimate interests of W Denis (to correspond with clients to facilitate the continuation of insurance cover) |
• Insurers • Insurance intermediaries such as brokers and aggregators |
|
Purpose of Processing |
Legal grounds |
Disclosures |
|
Throughout the insurance lifecycle |
||
|
Marketing |
• Legitimate interests of W Denis (to prospect clients) • Where we do not have an existing relationship with the individual, consent |
|
|
Complying with our legal or regulatory obligations |
• Compliance with a legal obligation • Legitimate interests of W Denis (to take pre-emptive steps to ensure legal and regulatory compliance)
For processing special categories of Personal Data (e.g. health information) and criminal records data: • To establish, defend or prosecute legal claims • Consent |
• Insurance, data protection and other regulators • Police • Insurers • Auditors |
|
Website activities |
||
|
To communicate with you regarding any queries you raise via the website |
• Legitimate interests of W Denis (to correspond with website users) |
|
|
To ensure the website content is relevant and presented in the most effective manner |
• Legitimate interests of W Denis (to provide clients, beneficiaries and claimants with content and services on the website) |
|
Consent
In order to facilitate the provision of insurance cover and administer insurance claims, unless another legal ground applies, we rely on the data subject’s consent to process Special Categories of Personal Data and Criminal Records Data, such as medical and criminal convictions records and for profiling as set out in the next section. This consent allows us to share the information with other Insurers, Intermediaries and Reinsurers that need to process the information in order to undertake their role in the insurance market (which in turn allows for the pooling and pricing of risk in a sustainable manner).
The affected individual’s consent to this processing of Special Categories of Personal Data and Criminal Records Data may be necessary for W Denis to be able to provide the services the client requests.
Where you are providing us with information about a person other than yourself, you agree to notify them of our use of their Personal Data and to obtain such consent for us.
Individuals may withdraw their consent to such processing at any time by contacting the W Denis Data Protection Officer using the contact details at the Questions, Requests or Complaints section below. However, doing so may prevent W Denis from continuing to provide the services to the relevant client. In addition, if an individual withdraws consent to an Insurer’s or Reinsurer’s processing of their Special Categories of Personal Data and Criminal Records Data, it may not be possible for the insurance cover to continue.
Safeguards
We have in place physical, electronic, and procedural safeguards appropriate to the sensitivity of the information we maintain. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Data, and include measures designed to keep Personal Data protected from unauthorized access. If appropriate, the safeguards include encryption of information during storage, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes.
Limiting Collection and Retention of Personal Information
We collect, use, disclose and otherwise process Personal Data that is necessary for the purposes identified in this Privacy Policy or as permitted by law or regulatory requirements. If we require Personal Data for a purpose inconsistent with the purposes we identified in this Privacy Policy, we will notify clients of the new purpose and, where required, seek individuals’ consent (or ask other parties to do so on W Denis’ behalf) to process Personal Data for the new purposes.
Our retention periods for Personal Data are based on business needs, legal requirements and regulatory requirements. We retain Personal Data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When Personal Data is no longer needed, we either irreversibly anonymise the data (in which case we may further retain and use the anonymised information) or securely destroy the data.
Individuals may request additional information about the specific safeguards applied to the export of their Personal Data.
Cross–Border Transfer of Personal Information
W Denis transfers Personal Data to, or permits access to Personal Data from, countries outside the European Economic Area (EEA). These countries’ data protection laws do not always offer the same level of protection for Personal Data as offered in the EEA. We will, in all circumstances, safeguard Personal Data as set out in this Privacy Policy.
Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections as EEA data protection laws. EU data protection laws allow W Denis to freely transfer Personal Data to such countries.
If we transfer Personal Data to other countries outside the EEA, we will establish legal grounds justifying such transfer, such as model contractual clauses, individuals’ consent, or other legal grounds permitted by applicable legal requirements.
Individuals can request additional information about the specific safeguards applied to the export of their Personal Data.
Accuracy, Accountability, Openness and Your Rights
We strive to maintain Personal Data that is accurate, complete and current. Individuals should contact us at dataprotection@wdenis.co.uk to update their information.
Questions regarding W Denis’ privacy practices should be directed to W Denis’ Data Protection Officer using the contact details in the Questions, Requests or Complaints section below.
Under certain conditions, individuals have the right to request W Denis to:
- provide further details on how we use and process their Personal Data;
- provide a copy of the Personal Data we maintain about the individual;
- update any inaccuracies in the Personal Data we hold;
- delete Personal Data that we no longer have a legal ground to process; and
- restrict how we process the Personal Data while we consider the individual’s enquiry.
In addition, under certain conditions, individuals have the right to:
- where processing is based on consent, withdraw the consent;
- object to any processing of Personal Data that W Denis justifies on the “legitimate interests” legal grounds, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
- object to marketing at any time.
These rights are subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). We will respond to most requests within 30 days.
If we are unable to resolve an enquiry or a complaint, individuals have the right to contact the UK data protection regulator, the Information Commissioner’s Office.
Questions, Requests or Complaints
To submit questions or requests regarding this Privacy Policy or W Denis’ privacy practices, please write to the Data Protection Officer at the following address:
The Data Protection Officer
W Denis Insurance Brokers Plc Brigade House
86 Kirkstall Road Leeds LS3 1LQ Phone: 0113 2439812
Email: dataprotection@wdenis.co.uk
Links to Third Party Websites
Our websites may contain links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.
Changes to this Privacy Policy
This Privacy Policy is subject to change at any time. It was last changed on 25.05.18. If we make changes to this Privacy Policy, we will update the date it was last changed. Where we have an engagement with you, we will notify you of any changes we make to this Privacy Policy in accordance with the notice provisions in the terms of our engagement. In other circumstances, we will publish the revised Privacy Policy on our website.