Insurtech UK Privacy Notice

Insurtech UK is committed to protecting and respecting your privacy.

This notice sets out the basis for processing the personal data we collect from you, or that you provide to us following the implementation of the General Data Protection Regulation (GDPR) c on 25th May 2018. This notice also sets out the rights that you have under the GDPR.

Insurtech UK of Zetland House, 5-25 Scrutton Street, London is the data controller for any data protection legislation purposes.

1 Who we are and what we do

Insurtech UK is the trade association for insurtech’s acting within the UK market. We collect the personal data of the following types of people to allow us to undertake our business:

— Current, prospective and previous members of the association, including registration information;

— Supplier contacts to support our services;

— Prospective, current and past directors, board and working group members, employees, consultants, temporary workers; and

— Political and regulatory contacts for lobbying purposes.

We collect information about you to carry out our core business and ancillary activities.

2 Information you give to us or we collect about you

Information about you that you give to us by filling in forms either on our website https://insurtechuk.org/ or by corresponding with us by other means. This includes information you provide when you register to join the association, use our website, enter our database, subscribe to our services, attend our events, participate in discussion boards or other social media functions on our website, enter a competition, promotion or survey, and when you report a problem with our website.

The information may include your name, private and corporate e-mail or postal addresses and phone numbers, financial information and compliance documentation, links to your social media and web profiles available in the public domain.

3 Information we collect about you when you visit our website

When you visit our website we may automatically collect the following information:

— technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information (if applicable), browser information, and operating platform,

— information about your visit, including URLs, clickstream to, through and from our website, length of visits to certain pages, page interaction information, methods used to browse our website and phone numbers used to contact us.

4 Information we obtain from other sources

Information we obtain about you from other sources such as social media accounts, corporate websites, or personal recommendations. If we obtain this information we will inform you, by sending you this privacy notice, within a maximum of 30 days of collecting the data and inform you for what purpose we intend to retain and process your personal data.

We are working closely with third parties including, business partners, sub-contractors in technical, professional, payment and other services, advertising networks, analytics providers, search information providers, credit reference agencies, professional advisors. We may receive information about you from them for the purposes of providing our services. The information may include your name, private and corporate e-mail or postal addresses and phone numbers, financial information and compliance documentation, links to your social media and web profiles available in the public domain.

5 Purposes of and the legal basis for the processing data

We use information held about you in the following ways:

— to carry out our obligations arising from contracts we enter, have entered or intend to enter into between you and us;

— to provide you with information, products and services that you request from us or we think will be of interest to you because it is relevant to your business;

— to provide you with information about other goods or services we offer that are similar to those that you have already purchased, been provided with or have shown an interest in;

— to seek to resolve disputes between member companies and consumers; or

— to demonstrate regulatory compliance with appropriate bodies, including the ICO and the FCA.

The core service we offer to our members is to represent their interests to policymakers and regulators, to further best practice within the industry, to provide industry networking opportunities and to facilitate consumer complaints.

Legitimate business interest is our legal basis for processing but we may:

— rely on contract if we are negotiating or have entered into a service agreement with you, your organisation or any other contract to provide services to you or receive services from you or your organisation;

— rely on legal obligation if we are legally required to hold information about you to fulfil our legal obligations; or

— rely on consent for uses of your data – in these specific circumstances we will ask you for your expressive consent and you have the right to withdraw your consent at any time.

6 Our Legitimate Business Interests

Our legitimate interests in collecting and retaining your personal data is described below:

Insurtech UK is a not-for-profit trade association representing the interests of its members. We provide a number of core services for our members and the public that require the holding of personal data: registration of members and listing details on our website, maintenance of mailing lists to provide regulatory and policy issues of interest to members, hosting working group meetings to develop policy positions, the organisation of events, providing members with marketing content on relevant services such as events and the promotion of the association to third parties. To deliver and maintain these services we request a minimal amount of personal data from our members and provide regular updates and opportunities to take part in Insurtech UK’s work.

7 Other Uses we will make of your data

— Use of our website;

— to notify you about changes to our service;

— to ensure that content from our website is presented in the most effective manner for you and for your computer;

— to enable you to participate in interactive features of our service, when you choose to do so;

— to keep our website safe and secure.

We do not undertake automated decision making or profiling.

8 Cookies

We use cookies on our website to distinguish you from other users of our website. We do this to provide you with a good experience and to make improvements to our website. Our cookies policy can be found here.

9 Disclosure of your information inside and outside of the EEA

We may share your personal information with selected third parties including:

— business partners, suppliers and sub-contractors for the performance and compliance obligations of any contract we enter into with them or you;

— subcontractors including event organisers, email marketing specialists, payment and other financial service providers;

— analytics and search engine providers that provide us with assistance in the improvement and optimisation of our website.

We will disclose your personal information to third parties:

— If we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of Insurtech UK, our members, or others. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

The lawful basis for the third party processing will include:

— their own legitimate business interests in processing your personal data;

— satisfaction of their contractual obligations to us as our data processor;

— for the purpose of a contract in place or in contemplation; or

— to fulfil their legal obligations.

10 Where we store and process your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (”EEA”) but we only work with suppliers that are compliant with the General Data Protection Regulation.

Any information that is provided to us is stored on secure servers. If you have selected or have been provided with a password to use our service, you are responsible for keeping this password protected.

The transmission of information via the internet is not completely secure. We will do our best to protect your personal data but we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk.

11 Retention of your data

We understand our legal duty to retain accurate data and only retain personal data for as long as we need it for our legitimate business interests and that you are happy for us to do so. Accordingly, we have a data retention notice (available upon request) and review the data that on a regular basis. We may pseudonymise parts of your data.

12 The GDPR provides you with the following rights

— to request correction of the personal information that we hold about you;

— to request erasure of your personal information;

— to object to processing of your data under certain circumstances (when we rely on legitimate interest or use data for marketing purposes);

— to request the restriction of processing of your personal information;

— to request the transfer of your personal information to another party; and

— to request access to information we hold about you as well as to ensure that any information we hold is accurate and complete.

Any request should be sent to insurtechuk@clarity.global

You have the right to complain to the Information Commissioner’s Office (ICO) which is the UK data protection regulator.

13 Changes to our privacy notice

Future changes we make to our privacy notice will be posted on our website and, where appropriate, notified to you by e-mail.

14 Contact

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to insurtechuk@clarity.global