Privacy Policy
Personal Data Protection Policy
Click here to download this policy as a pdf.
At Ibex Insurance ("Ibex") ("we", "us", "our"), we regularly collect and use information which may identify individuals ("personal data"), including insured persons or claimants ("you", "your"). We understand our responsibilities to handle your personal data with care, to keep it secure and to comply with applicable data protection laws.
The purpose of this privacy policy is to provide a clear explanation of when, why and how we collect and use personal data ("Policy"). We have designed it to be as user-friendly as possible, and have labelled sections to make it easy for you to navigate to the information that may be most relevant to you.
Do read this Policy with care. It provides important information about how we use personal data and explains your legal rights. This Policy is not intended to override the terms of any terms of business agreement or other contracts which you have with us or any rights you might have available under applicable data protection laws.
We may amend this Policy from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. We will notify you about material changes by prominently posting a notice on our website. We encourage you to periodically check back and review this policy so that you will always know what information we collect, how we use it, and with whom we share it.
What personal data do we collect?
Insured Persons. In order to arrange, place and administer insurance policies, we collect information about the policyholder and related parties. The policyholder may be an individual, company or their representative. The level and type of personal data we collect varies depending on the type of policy that you have. In general, this is likely to include background and contact information on the policyholder or their representative, and matters relevant to the management of the insurance policy and assessment of risk. In some instances, it is necessary for us to collect and use Special Categories of Data, such as information about a past criminal conviction or health details potentially including information about children’s health.
Claimants. If a policyholder seeks to rely on the insurance cover, we will collect information about the individual making a claim under a policy, or if an individual asks us to negotiate with insurers on behalf of an individual. This will include the collection of basic contact details, together with information about the nature of your claim and any previous claims. If the claimant is an Insured Person, we will also need to check details of the policy you are insured under and your claims history, and depending on the nature of your claim, it may be necessary for us to collect and use Special Categories of Data, such as details of a personal injury you may have suffered during an accident or potentially information about children’s health.
When do we collect your personal data?
Insured Persons
• We will collect information from you directly when you request a quote for a policy. Alternatively, insurance brokers and other intermediaries may provide information to us about you
• To the extent permitted by law, we may also monitor and record telephone calls for training and quality assurance purposes when you call us directly including in connection with a claim.
• Information about you may also be provided to us by an insurance broker, your employer, family member or any other third person who may be applying for a policy which names you.
• We may collect information about you from other sources where we believe this is necessary to manage the risk associated with a policy or to help fight financial crime or for the purposes of trade credit checks. These other sources may include public registers and databases managed by credit reference agencies.
Claimant
• We will collect information from you when you notify us of a claim. You might make a claim to us directly, through your representative or through a broker who manages claims on our behalf.
• To the extent permitted by law, we may also monitor and record telephone calls for training and quality assurance purposes when you call us directly including in connection with a claim.
• We may also collect information about you if the claim is made by another person who has a close relationship with you or is otherwise linked to the claim - for example if the policyholder is your employer or if the representative of a third party claimant contacts us in connection with a claim.
• We may also be provided with information by your solicitors, family members, legal advisors and medical and other professional advisors.
• We may collect information from other sources where we believe this is necessary to assist in validating claims and/or fighting financial crime. This may include consulting public registers, social media and other online sources, credit reference agencies and other reputable organisations.
Types of personal data to be collected
Personal data is information that relates to an identified or identifiable individual. The types of personal data we may collect and process include:
• an individual’s name, age, date and place of birth, address, e-mail address, phone number, gender, marital status, qualifications, government, licensing or regulatory body identification numbers;
• credit card or bank details and other financial information;
• previous insurance details, including policies and previous or current claim data;
• current and past employment, education, qualifications, names and contact information of references, or other personnel records;
The types of special category personal data we collect and process may include:
• Health Data - e.g. physical and mental conditions, medical history and procedures, relevant personal habits (e.g. smoking).
• Criminal Data - e.g. driving offences, unspent convictions.
• Data relating to children.
Sources of personal data
We collect and receive personal data from various sources, including:
• Individuals, online or by telephone, or in written correspondence;
• Individuals’ employers or trade or professional associations of which they are a member;
• In the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers;
• Other insurance market participants, such as insurers, reinsurers and other intermediaries;
• Anti-fraud databases and other third party databases, including sanctions lists;
• Government agencies, such as tax authorities;
• Claim forms;
• Open electoral registers and other publicly available information;
• Business information and research tools;
• Third parties who introduce business to us; and
• Forms on our website and your interactions with our website (please also see our Cookie Notice).
Purposes for Collecting and Processing Personal Data, including special category Personal Data.
In this section, we set out the purposes for which we use personal data, explain how we share the information, and identify the “legal grounds” on which we rely to process the information. These “legal grounds” are set out in Data Protection Law.
|
Purpose of Processing |
Legal grounds for using your Personal Data |
Legal grounds for using your Special Category Personal Data |
Disclosures |
|---|---|---|---|
|
Quotation / Inception |
|||
|
Establishing a client relationship, including fraud, anti-money laundering and sanctions checks and other due diligence or screening activities (including background checks) in accordance with legal or regulatory obligations or risk management procedures that may be required by law or that may have been put in place by Insurers |
* Performance of our contract with the individual (if he/she is the client) * Compliance with a legal obligation * Legitimate interests of the Insurers (to ensure that the client is within our acceptable risk profile and to assist with the prevention of crime and fraud) |
* Explicit consent * Necessary for legal advice or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings or otherwise establishing, exercising or defending legal rights * Necessary for insurance purposes (health data only) * Performance of our contract with the individual (if he/she is the client) or in order to take steps at the request of the individual prior to entering into a contract (criminal records data only) * Processing permitted pursuant to regulations made under Data Protection Law |
* Insurers and reinsurers * Insurance intermediaries such as brokers and coverholders * Advisors and Consultants |
|
Processing your request for quotations for underwriting and insurance products and services and complying with applicable law in processing your request for quotations for underwriting and insurance products and services with the Insurers and dealing in any matters relating to your request for quotations for underwriting and insurance products and services |
* Performance of our contract with the individual (if he/she is the client) * Compliance with a legal obligation * Legitimate interests of the Insurers (to correspond with prospective clients in order deal with matters relating to requests for quotations and other insurance products and services) |
* Explicit consent * Necessary for legal advice or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings or otherwise establishing, exercising or defending legal rights * Necessary for insurance purposes (health data only) * Performance of our contract with the individual (if he/she is the client) or in order to take steps at the request of the individual prior to entering into a contract (criminal records data only) * Processing permitted pursuant to regulations made under the Data Protection Law |
*Insurers and reinsurers * Insurance intermediaries such as brokers and coverholders * Advisors and Consultants * Actuaries, economists, and experts |
|
Purpose of Processing |
Legal grounds for using your Personal Data |
Legal grounds for using your Special Category Personal Data |
Disclosures |
|---|---|---|---|
|
Policy Administration |
|||
|
General client care, including communicating with you, carrying out and/or dealing with your instructions or responding to any enquiries by you and administering and/or managing your relationship, account and/or policy with the Insurers (including but not limited to renewing or reinstating your policy or policies) |
* Performance of our contract with the individual (if he/she is the client) * Legitimate interests of the Insurers (to correspond with clients, beneficiaries and claimants in order to facilitate the placing of and claims under insurance policies) |
* Explicit consent * Necessary for legal advice or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings or otherwise establishing, exercising or defending legal rights * Necessary for insurance purposes (health data only) * Performance of our contract with the individual (if he/she is the client) or in order to take steps at the request of the individual prior to entering into a contract (criminal records data only) * Processing permitted pursuant to regulations made under the Data Protection Law |
*Insurers and reinsurers * Insurance intermediaries such as brokers and coverholders * Advisors and Consultants |
|
Collection or refunding of premiums, paying on claims, processing and facilitating other payments and dealing with or collection or refund of any outstanding amounts due from/to you; |
* Performance of our contract with the individual (if he/she is the client) * Legitimate interests of the Insurers (to recover debts due to us) |
* N/A |
* Insurers and reinsurers * Insurance intermediaries such as brokers and coverholders * Advisors and Consultants * Banks * Lawyers / Law Firms |
|
Purpose of Processing |
Legal grounds for using your Personal Data |
Legal grounds for using your Special Category Personal Data |
Disclosures |
|---|---|---|---|
|
Claims Processing |
|||
|
Managing insurance claims, including processing, handling and/or dealing with your claims |
* Performance of our contract with the individual (if he/she is the client) * Legitimate interests of the Ibex (to assist our clients in assessing and making claims) |
* Explicit consent * Necessary for legal advice or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings or otherwise establishing, exercising or defending legal rights * Necessary for insurance purposes (health data only) * Performance of our contract with the individual (if he/she is the client) or in order to take steps at the request of the individual prior to entering into a contract (criminal records data only) * Processing permitted pursuant to regulations made under the Data Protection Law |
* Insurers and reinsurers * Advisors and Consultants * Claims Handlers * Lawyers * Loss Adjusters * Costs Draftsmen * Experts * Third parties involved in handling or otherwise addressing the claim, such as health care professionals, witnesses |
|
Defending or prosecuting legal claims, including but not limited to the settlement of such claims and any necessary investigations relating to the claims under your policy or policies, and enforcing our contractual and/or legal rights |
* Performance of our contract with the individual (if he/she is the client) * Legitimate interests of the Ibex (to assist our clients in assessing and making claims) |
* Explicit consent * Necessary for legal advice or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings or otherwise establishing, exercising or defending legal rights * Necessary for insurance purposes (health data only) * Performance of our contract with the individual (if he/she is the client) or in order to take steps at the request of the individual prior to entering into a contract (criminal records data only) * Processing permitted pursuant to regulations made under the Data Protection Law |
* Insurers and reinsurers * Advisors and Consultants * Claims Handlers * Lawyers * Loss Adjusters * Costs Draftsmen * Experts * Third parties involved in handling or otherwise addressing the claim, such as health care professionals, witnesses |
|
Investigating and prosecuting fraud and investigating misconduct, and/or any unlawful action or omission, whether relating to your application, your claims or any other matter relating to your policy or policies, and whether or not there is any suspicion of the aforementioned |
* Performance of our contract with the individual (if he/she is the client) * Legitimate interests of Insurers (to assist with the prevention and detection of fraud) |
* Explicit consent * Necessary for legal advice or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings or otherwise establishing, exercising or defending legal rights * Necessary for insurance purposes (health data only) * Performance of our contract with the individual (if he/she is the client) or in order to take steps at the request of the individual prior to entering into a contract (criminal records data only) * Processing permitted pursuant to regulations made under the Data Protection Law |
* Insurers and reinsurers * Advisors and Consultants * Claims Handlers * Lawyers * Police * Experts * Other insurers * Third parties involved in the investigation or prosecution, such as private investigators |
|
Purpose of Processing |
Legal grounds for using your Personal Data |
Legal grounds for using your Special Category Personal Data |
Disclosures |
|---|---|---|---|
|
Renewals |
|||
|
Contacting you in order to arrange the renewal of the insurance policy |
* Performance of our contract with the individual (if he/she is the client) * Legitimate interests of the Insurers (to correspond with clients to facilitate the continuation of insurance cover) |
* N/A |
* Insurers and reinsurers * Insurance intermediaries such as brokers and coverholders * Advisors and Consultants * Actuaries, economists, and experts |
|
Purpose of Processing |
Legal grounds for using your Personal Data |
Legal grounds for using your Special Category Personal Data |
Disclosures |
|---|---|---|---|
|
Throughout the insurance lifecycle |
|||
|
Marketing analytics and direct marketing, including data anonymisation |
* Legitimate interests of the Insurers (to give clients relevant offers) * Where we do not have an existing relationship with the individual, consent |
* N/A |
* Insurers and reinsurers * Insurance intermediaries such as brokers and coverholders |
|
For designing new or enhancing existing products or services |
* Consent * Legitimate interests of the Insurer (to design or enhance existing products and services) |
* N/A |
* Insurers and reinsurers * Insurance intermediaries such as brokers and coverholders |
|
Complying with our legal or regulatory obligations |
* Compliance with a legal obligation * Legitimate interests of the Insurers (to take pre-emptive steps to ensure legal and regulatory compliance) |
* Explicit consent * Necessary for legal advice or in connection with, legal claims, prospective legal claims, legal proceedings or prospective legal proceedings or otherwise establishing, exercising or defending legal rights * Necessary for insurance purposes (health data only) * Performance of our contract with the individual (if he/she is the client) or in order to take steps at the request of the individual prior to entering into a contract (criminal records data only) * Processing permitted pursuant to regulations made under the Data Protection Law |
* Financial Services, Insurance, Data Protection and other Regulators and Supervisory bodies * Police * Insurers and reinsurers * Auditors |
Consent
Where the legal basis for processing your personal data or special category personal data is consent (or explicit consent), you may withdraw your consent to such processing at any time by contacting Ibex’s Data Protection Officer, the details of which are set out below. However, doing so may impact Ibex’s ability to provide products and services. In addition, if you withdraw consent to an insurer’s or reinsurer’s processing of your special category personal data and criminal records data, it may not be possible for the insurance cover to continue.
To whom we may disclose or transfer your personal data
For business purposes, to help prevent/detect crime or where required by Law or Regulation, we may need to transfer, or allow access to, your personal data to parties based overseas. These parties include brokers, insurers, re-insurers, service providers, other Ibex Group companies & law enforcement agencies . Where we do this, we will ensure that your information is transferred in accordance with the applicable Data Protection requirements.
If the Data Protection laws of the country where we transfer your data are not recognised as being equivalent to those in the UK, Gibraltar or the EEA we will ensure that the recipient enters into a formal legal agreement that reflects the standards required.
You have the right to ask us for more information about the safeguards we have put in place as mentioned above. Contact us as set out in this privacy policy if you would like further information or to request a copy where the safeguard is documented (which may be redacted to ensure confidentiality).
Limiting the Collection and Retention of Your Personal Data
We collect, use, disclose and otherwise process personal data that is necessary for the purposes identified in this Policy or as permitted by law. If we require personal data for a purpose inconsistent with the purposes we identified in this Policy, we will notify clients of the new purpose and, where required, seek individuals’ consent to process personal data for the new purposes. Your personal data will be retained for as long as is necessary for the purposes or related purposes described in this Privacy Statement and for which the data was collected. In particular, where required by law, regulation, contract, underwriting or where there is a possibility that either you, we or a third party may wish to bring a legal claim this may be indefinite. In the absence of legal, regulatory or contractual requirements, or a possible legal claim, a reasonable expectation of the retention period for your personal data is at least seven years.
Safeguards
We have in place physical, electronic, and procedural safeguards appropriate to the sensitivity of the information we maintain. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the personal data, and include measures designed to keep personal data protected from unauthorised access.
If appropriate and in certain cases, the safeguards may include the encryption of communications via email, encryption of information during storage, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to personal data to personnel and third parties that require access to such information for legitimate, relevant business purposes.
Data Subject Rights
1. Under certain conditions, individuals have the right to request that Ibex provide further details on how we use and process their personal data;
• provide a copy of the personal data we maintain about the individual (“Data Subject Access Request”);
• update any inaccuracies in the personal data we hold;
• delete personal data that we no longer have a legal ground to process; and
• restrict how we process the personal data while we consider the individual’s enquiry.
2. In addition, under certain conditions, individuals have the right to:
• where processing is based on consent, withdraw the consent (as referred to above);
• object to any processing of personal data that the Insurers justifies on the “legitimate interests” legal grounds, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
• object to direct marketing (including any profiling for such purposes) at any time.
These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We will respond to most requests within 30 days.
Should you wish to make a Data Subject Access Request, please write to:
For clients of EEA risks:
Ibex Portugal Corretora de Seguros, Unipessoal LDA at
Avenida Duarte Pacheco No 32,
Almancil, Loule,
Algarve, Portugal, 8135-104
If you have any questions in relation to the above declaration or the collection, processing or disclosure of your personal data under this Personal Data Protection Policy, please contact Ibex Data Protection Officer, Rute Isabel Gomes, by email privacy@ibexinsure.com
or at the above address.
For clients of Gibraltar / UK risks:
Ibex Insurance Services Limited
PO Box 1127, 68 Irish Town
GX11 1AA
Gibraltar
If you have any questions in relation to the above declaration or the collection, processing or disclosure of your personal data under this Personal Data Protection Policy, please contact Ibex Data Protection Officer, Lee Everest, by email privacy@ibexinsure.com
or at the above address.
If you think that we have not handled your request properly you have the right to complain to your data protection regulator.
Contact the National Data Protection Regulator
If you believe Ibex Portugal Corretora de Seguros, Unipessoal LDA or Ibex Insurance Services Limited have breached your privacy rights or if you are not satisfied with our response to your concerns, you can contact the following Regulatory bodies;
|
Gibraltar: Gibraltar Regulatory Authority T: (+350) 200 74636 E: info@gra.gi W: www.gra.gi |
Portugal: Comissão Nacional de Proteção de Dados Av. D. Carlos I, 134 - 1.º 1200-651 Lisboa Portugal T: (+351) 21 392 84 00 W: www.cnpd.pt |
Spain: Agencia Española de Protección de Datos C/Jorge Juan, 6 28001 Madrid, España T: (+34) 91 266 35 17 W: www.aepd.es |
Changes to Personal Data Protection Policy
The Policy is subject to change at any time. It was last changed on the 31st December 2020.