About this notice
This notice provides information about how Grimme Butcher Jones Limited collects, uses, shares and stores personal data about you, the data subject, in our capacity as a ‘data controller’.
Please note: if you are providing us with the personal data of an individual other than yourself (such as a beneficiary of a policy, an employee, a client, or a member of your organisation), we shall assume that you have the necessary permissions from the data subject for you to share that personal data with us and for us to use it for the purposes outlined in this notice. Where required by data protection law you should make this privacy notice available to the data subject.
What personal data do we process?
We collect and use relevant information about you to perform services as (re)insurance intermediary and Lloyd’s coverholder. This information includes details such as:
- Your name, address, date of birth and contact details;
- Your (re)insurance policy and claims history;
- Where critical for providing the service requested, sensitive details such as information about your health;
- Other information in connection with the (re)insurance cover from which you benefit
How do we collect your personal information?
The information we collect about you may come directly through our contact with you by email, telephone, or written correspondence. Alternatively, it may also be provided to us by a third party, such as a trade association, insurer, (re)insurance broker, anti-financial crime databases, or, in the event of a claim, third parties such as lawyers and loss adjusters.
How do we use your information?
We use your information to enable us to provide you with (re)insurance intermediary and coverholder services. This may include:
- sourcing (re)insurance quotes for you, arranging (re)insurance cover for you with insurers and processing your premium;
- administering and servicing your (re)insurance policy or a policy from which you benefit;
- assisting with the processing, management and/or defence of any re(insurance claims;
- inviting and arranging renewal of your (re)insurance business;
- fulfilling our legal and regulatory obligations;
- detecting and preventing crime (including fraud);
- establishing, exercising, and defending our legal rights;
- fulfilling a legitimate business interest, where such an interest does not conflict with or harm your data privacy rights.
On occasion it may be necessary for us to process sensitive data such as health information to enable us to provide a service you have requested. Where regulation requires you to give your explicit consent for us to process this data, please be aware that we shall not be able to provide you with the services to which that information relates if you choose either not to give your consent, or choose later to withdraw it.
Who do we share your information with?
The way (re)insurance works means that your information may be shared with, and used by, a number of third parties in the (re)insurance sector, for example: insurers, agents or brokers; reinsurers; loss adjusters; sub-contractors; regulators; law enforcement agencies; fraud and crime prevention and detection agencies; and compulsory (re)insurance databases.
We will only disclose your personal information in connection with the (re)insurance services that we provide and to the extent required or permitted by law.
For a guide to how and why the (re)insurance industry is required to use and share personal data, please see the Insurance Market Core Uses Information Notice. This is published on the London Market Group website here: https://www.londmarketgroup.co.uk/gdpr
We may occasionally need to share your information with firms based outside the EU, for example to perform financial crime checks or because there are non-EU based firms involved in your (re)insurance transaction or claim. Any such transfer will be treated securely ad in accordance with the applicable legislation.
How long do we store data for?
We will not keep your data for longer than is necessary once we have fulfilled the processing purposes(s) set out in this policy unless we need to do so to comply with our legal and regulatory obligations or to enable us to establish, exercise, and defend our legal rights. In most circumstances this will mean that we will keep data for at least six years after the termination of our business relationship with the data subject, though the exact period of time we retain data will depend on what data we hold, why we hold it, and what our legal and regulatory obligations are in relation to that data.
The data we keep about you should be accurate and up to date. Please contact us if you wish to update your details, view a copy of the information we hold on you, or to change your consent choices (where applicable) relating to that data.
If you wish to raise a complaint about any matter relating to our handling of your personal data, please contact John Crisp by email to johnc@gbj=ltd.co.uk or by telephone on +44 (0)20 7264 0420. Should you be dissatisfied with our response, or should you wish to gain more information about your protection rights (including your right to be forgotten), please visit the Information Commissioner’s Office website: www.ico.org.uk.