Privacy Policy - Africa Specialty Risks

DATA PROTECTION SYSTEM & COMPANY RULES (incorporating GDPR)

Africa Specialty Risk Limited (ASR), is an Appointed Representative of Crispin Speers & Partners Limited, a Lloyd’s broker who is authorised and regulated by the Financial Conduct Authority. Registered Office: 88 Leadenhall, London EC3N 3BP. Our Permitted business is arranging general insurance contracts. Our FCA number is 923820

ASR Group Adopts CSP’s Data Protection System and Company Rules

GENERAL POLICY

Crispin Speers & Partners Ltd and its senior management are committed to ensuring client personal data is held securely and in accordance with data protection legislation and Financial Conduct Authority regulations.

CSP values the trust and respect of its clients and business partners. When information is entrusted to our care the responsible use of that information and its protection reflect the company’s values and are essential in maintaining our reputation as an insurance broker and intermediary.

All staff are fully briefed on Data Protection rules and company procedures on joining the company and ongoing training is provided to ensure such rules continue to be followed.

CLIENT NOTIFICATION

All insurance proposal forms for completion by clients contain the following declaration:-

‘Our policy and procedures comply with all known legislation involving the collection, use, storage and disclosure of personal information. You are entitled to access the information we hold concerning you and we can supply a copy of our full policy and procedures on request.

We and our agents need to collect, use and disclose your information in order to consider your application for insurance and provide the cover you have selected, administer your policy and handle any claim. This may involve disclosing your information to third parties who assist in providing such services.

If you provide information concerning another person who you represent, eg as their broker or agent, you are confirming that you have made them aware that their information is being disclosed to us and that you have their authority to do so.

By supplying personal information to us you are confirming that you have understood the above and that it meets with your approval’.

CODE OF BUSINESS CONDUCT & ETHICS

Our code requires all employees to respect the confidentiality of client information concerning its business, employees and customers and to comply with data protection legislation and company procedures. Each new employee explicitly confirms their commitment to this code.

Any complaint concerning the handling of a client’s information, or where it is believed that it may breach any legislation in force should be reported to us for investigation. All clients also have the right to report such a matter to Lloyd’s or the regulator of their country of domicile.

DATA PROTECTION ACT REQUIREMENTS (GDPR)

The Act is based on Eight Principles (or rules for good information handling) and these are as follows:

Personal Data must be processed fairly and legally – The Client must know why the data is being obtained/processed and must not be misled or deceived as to why the information is needed.
Personal Data must only be obtained and used for specified and legal purpose – The Client must be fully aware of what the information obtained will be used for, and will not be used for any other unrelated purpose. Personal information will only be disclosed to third parties where the client has consented to this or where it is reasonably required in order to handle their business, or where required by law.
Personal data obtained must be adequate, relevant and not excessive – Information should not be obtained simply because it may be useful in the future.
Personal Data must be accurate and where necessary, kept up to date. Staff should take reasonable steps to check the accuracy of information they receive from Clients or anyone else.
Personal Data processed must not be kept for longer than is necessary to fulfil the purpose it was received.
Personal Data must be handled in accordance with the Clients rights – this includes their right to know what information is held about them, to prevent processing that is likely to cause damage/distress to themselves and others. They also have the right to claim compensation for damage/distress caused by breaking the conditions of the Act, prevent processing for direct marketing and have the right to take action to destroy inaccurate data.
Personal Data must be kept safe and secure – The necessary security measures must be taken to protect against unauthorised access to or illegal data processing – This will relate to location of/access to files/documentation only to those staff that need to use the data held and technical issues relating to the Computer System. All necessary organisational and technical measures must be taken to prevent unauthorised or unlawful processing of personal data and against accidental loss/damage of such data.
Personal Data must not be transferred outside of the European Economic Area (EEA) unless the Country/Territory ensures that rights and freedom of data subjects are protected. It is essential to make sure that personal data which is transferred outside the EEA is secure. Where client information is disclosed to parties outside the EEA the client will be advised accordingly. If a client does not wish its information to be disclosed externally they can opt-out by contacting us accordingly.

DATA PROTECTION STATEMENT – ‘PRIVACY NOTICE’

In accordance with Data Protection legislation, including General Data Protection Regulations (GDPR), we are advising you that any personal and/or sensitive data requested from you will be stored securely and will only be used in order to manage the contract of business, including insurance requirements, we are arranging for you where we have a legal obligation in handling your data. We may also have a legitimate interest in handling your data when dealing with third parties, such as your insurers. This information will only be made available to third parties, such as insurers or their claims handling agents, in order to further manage and service your insurance policy.

We will retain your information for a period of time which is necessary to ensure no further liability, such as any insurance claims, exists. This period will normally be 7 years from expiry of the policy but may be extended for certain types of business.

The types of data vary but typically include name, address, email address, telephone number and date of birth. Other details may be needed depending on the type of insurance required.

For certain types of business we may require sensitive information from you in order to arrange your insurance requirements or service any claims, for example, medical records, which may involve passing such information to insurers or their claims handling agents. If required we will seek your consent to this.

CSP may from time to time transfer (‘transfer’ includes making available remotely) personal data to countries outside the EEA. Your insurers and/or their third party agents may pass data outside the EU and if so, we will seek their confirmation that this is adequately protected.

You have the right to:-

See a copy of the personal information we hold about you, free of charge
Ask us to delete any of your personal data where there is no legitimate reason for continuing to hold it.
To have any inaccurate or misleading data corrected or deleted
Restrict the processing of your data
Lodge a complaint with the Information Commissioners Office if you are unhappy with the manner in which we store or handle your data.

If you provide data to us about other people you must provide this notice to them before you pass their data to us. You must obtain their consent if this includes sensitive data such as health or criminal record data.

If at any time you wish to know what information we hold on you, or have any queries relating to the above, please contact our director responsible for Data Protection issues at:-

Telephone: 020 7977 5700

Email: Dataprotection@cspinsurance.com

Or write to:

Crispin Speers & Partners Ltd

St Clare House

30-33 Minories

London EC3N 1PE

COOKIES POLICY

A ‘cookie’ is a small data text file that is placed in your browser. We use cookies to enable our website to operate correctly, to enhance your customer experience and to improve our service to you.

Most browsers will usually allow you to change the settings of your browser so that it does not accept cookies but if you do this please be aware that this website will not function correctly.

SESSION COOKIES

We use session cookies on this website for the duration of your visit. So that this website will function correctly, this cookie will store data about the browser you are using and the information you have entered.

If we did not use a session cookie, this website would not function correctly. When you leave our website, the session cookie is deleted.

PERFORMANCE (TRACKING) COOKIES

We use Google Analytics to count page visits, identify traffic sources and to collect information about how visitors have found and use our website. These cookies are set automatically on each page and do not collect or store any personal data.

MORE ABOUT COOKIES

If you would like to learn more about cookies – www.bbc.co.uk/webwise/guides/about-cookies

How to turn off cookies within your browser
For the procedures to turn off cookies within your browser – www.aboutcookies.org/Default.aspx?page=2

Please note that if you do turn off cookies within your browser, this website will not operate correctly.

LINKS TO OTHER SITES

On this website you may be offered links to other sites which we hope will be of interest. However, please be aware that we have no control where such sites are operated by a third party and we do not endorse them. You agree that we are not responsible for the availability or content of, or products and services available on those websites.

You are advised to read the cookie and privacy policy of the respective websites available through this website before disclosing any personal information. The cookie and privacy policy attached to that website will confirm the relevant terms and conditions including cookies.

SECURITY

We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it.

When you request a quotation or apply to purchase an insurance policy online, we use secure socket layer technology (SSL) that encrypts all information you input before it is sent to us. This ensures that the information is reasonably protected against unauthorised interception.

We also follow security procedures in the storage and disclosure of information which has been given to us, to provide an adequate level of security for that information.

It is important to remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect personal information, we cannot guarantee its absolute security.

CALL RECORDING

We record telephone calls for monitoring, quality and training purposes and to assist us in preventing and detecting fraud.

INTELLECTUAL PROPERTY RIGHTS

The content of this web site may not be retrieved, displayed, modified, copied, printed, sold, downloaded, hired, reverse engineered or transmitted in any way without the prior written consent of the Compliance Manager.

You may retrieve, display, copy, print or download the content on this site for legitimate personal use only and not for commercial exploitation.

You may not link to this web site or include this web site in part or in whole within another external web site without first obtaining written permission from the ASR Compliance Manager. We reserve the right to remove links to this site without notice at our discretion.

INSTABILITY OF THE INTERNET

The Internet is an inherently unstable medium. Errors, omissions, interruptions and delays of service may occur at any time. As a result we accept no responsibility in respect of such errors, omissions, interruptions or delays.

We do not guarantee that this site will operate either fully or in part on any specific computer equipment or in any specific software. There are no elements within this site that alter any of the configuration or other settings on any machinery used to view the site.

We accept no liability whatsoever (whether in contract, negligence or any other cause of action) for any damage, either temporary or permanent, occurring to either electronic equipment or software that might occur whilst using this site.

REMEMBER THE RISKS WHENEVER YOU USE THE INTERNET

Other Internet sites or services that may be accessible through our web site will have separate data and privacy practices independent of us, and therefore we disclaim any responsibility or liability for their policies or actions.

CHANGES IN THIS COOKIE & PRIVACY STATEMENT

We reserve the right to modify this cookie & privacy policy without notice and so you should check the position each time you visit our web site.

CONTACT US

If you have any questions or suggestions about our cookie & privacy policy, please contact us at the following address: compliance@asr-re.com