DATA PROTECTION SYSTEM & COMPANY RULES (incorporating GDPR)

Africa Specialty Risk Limited (ASR) is an Appointed Representative of Crispin Speers & Partners Limited, a Lloyd’s broker who is authorised and regulated by the Financial Conduct Authority. Registered Office: 88 Leadenhall, London EC3N 3BP. Our Permitted business is arranging general insurance contracts. Our FCA number is 923820.

 

ASR Group Adopts CSP’s Data Protection System and Company Rules

GENERAL POLICY

Crispin Speers & Partners Ltd and its senior management are committed to ensuring client personal data is held securely and in accordance with data protection legislation and Financial Conduct Authority regulations.

CSP values the trust and respect of its clients and business partners. When information is entrusted to our care the responsible use of that information and its protection reflect the company’s values and are essential in maintaining our reputation as an insurance broker and intermediary.

Company rules have been designed to ensure that such personal data is fully protected and secured.

All staff are fully briefed on Data Protection rules and company procedures on joining the company, and ongoing training is provided to ensure such rules continue to be followed.

 

CLIENT NOTIFICATION

All insurance proposal forms for completion by clients contain the following declaration:-

‘Our policy and procedures comply with all known legislation involving the collection, use, storage and disclosure of personal information. You are entitled to access the information we hold concerning you and we can supply a copy of our full policy and procedures on request.

We and our agents need to collect, use and disclose your information in order to consider your application for insurance and provide the cover you have selected, administer your policy and handle any claim. This may involve disclosing your information to third parties who assist in providing such services.

If you provide information concerning another person who you represent, e.g. as their broker or agent, you are confirming that you have made them aware that their information is being disclosed to us and that you have their authority to do so.

By supplying personal information to us you are confirming that you have understood the above and that it meets with your approval’.

 

CODE OF BUSINESS CONDUCT & ETHICS

Our code requires all employees to respect the confidentiality of client information concerning its business, employees and customers and to comply with data protection legislation and company procedures. Each new employee explicitly confirms their commitment to this code.

Any complaint concerning the handling of a client’s information, or where it is believed that it may breach any legislation in force, should be reported to us for investigation. All clients also have the right to report such a matter to Lloyd’s or the regulator of their country of domicile.

 

DATA PROTECTION ACT REQUIREMENTS (GDPR)

The Act is based on Eight Principles (or rules for good information handling) and these are as follows:

  • Personal Data must be processed fairly and legally – The Client must know why the data is being obtained/processed and must not be misled or deceived as to why the information is needed.
  • Personal Data must only be obtained and used for specified and legal purposes – The Client must be fully aware of what the information obtained will be used for, and it will not be used for any other unrelated purpose. Personal information will only be disclosed to third parties where the client has consented to this or where it is reasonably required in order to handle their business, or where required by law.
  • Personal data obtained must be adequate, relevant and not excessive – Information should not be obtained simply because it may be useful in the future.
  • Personal Data must be accurate and, where necessary, kept up to date. Staff should take reasonable steps to check the accuracy of information they receive from Clients or anyone else.
  • Personal Data processed must not be kept for longer than is necessary to fulfil the purpose for which it was received.
  • Personal Data must be handled in accordance with the Client’s rights – this includes their right to know what information is held about them and to prevent processing that is likely to cause damage/distress to themselves and others. They also have the right to claim compensation for damage/distress caused by breaking the conditions of the Act, prevent processing for direct marketing and have the right to take action to destroy inaccurate data.
  • Personal Data must be kept safe and secure – The necessary security measures must be taken to protect against unauthorised access to or illegal data processing. This relates to restricting the location of and access to files and documentation to those staff who need to use the data held, and to technical issues relating to the Computer System. All necessary organisational and technical measures must be taken to prevent unauthorised or unlawful processing of personal data and against accidental loss/damage of such data.
  • Personal Data must not be transferred outside of the European Economic Area (EEA) unless the Country/Territory ensures that rights and freedom of data subjects are protected. It is essential to make sure that personal data which is transferred outside the EEA is secure. Where client information is disclosed to parties outside the EEA the client will be advised accordingly. If a client does not wish its information to be disclosed externally they can opt out by contacting us accordingly.

 

DATA PROTECTION STATEMENT – ‘PRIVACY NOTICE’

In accordance with Data Protection legislation, including the General Data Protection Regulation (GDPR), we are advising you that any personal and/or sensitive data requested from you will be stored securely and will only be used in order to manage the contract of business, including insurance requirements, that we are arranging for you, where we have a legal obligation in handling your data. We may also have a legitimate interest in handling your data when dealing with third parties, such as your insurers. This information will only be made available to third parties, such as insurers or their claims handling agents, in order to further manage and service your insurance policy.

We will retain your information for a period of time which is necessary to ensure no further liability, such as any insurance claims, exists. This period will normally be 7 years from expiry of the policy but may be extended for certain types of business.

The types of data vary but typically include name, address, email address, telephone number and date of birth. Other details may be needed depending on the type of insurance required.

For certain types of business we may require sensitive information from you in order to arrange your insurance requirements or service any claims, for example, medical records, which may involve passing such information to insurers or their claims handling agents. If required we will seek your consent to this.

We will not transfer your data outside the EU. Your insurers and/or their third-party agents may pass data outside the EU and if so, we will seek their confirmation that this is adequately protected.

You have the right to:-

  • See a copy of the personal information we hold about you, free of charge.
  • Ask us to delete any of your personal data where there is no legitimate reason for continuing to hold it.
  • Have any inaccurate or misleading data corrected or deleted.
  • Restrict the processing of your data.
  • Lodge a complaint with the Information Commissioner’s Office if you are unhappy with the manner in which we store or handle your data.

 

If you provide data to us about other people you must provide this notice to them before you pass their data to us. You must obtain their consent if this includes sensitive data such as health or criminal record data.

If at any time you wish to know what information we hold on you, or have any queries relating to the above, please contact our director responsible for Data Protection issues at:-

 

Telephone: 020 7977 5700

Email: Dataprotection@cspinsurance.com

Or write to:

Crispin Speers & Partners Ltd

St Clare House

30-33 Minories

London EC3N 1PE