Introduction – How the insurance market works
We are a Lloyd’s broker and insurance intermediary authorised and regulated by the Financial Conduct Authority. Our role is to meet your insurance needs by drawing on our knowledge of the insurance market to identify suitable insurers and products for your consideration and approval.
The insurance market is complex with brokers, underwriting agents, insurers, reinsurers, adjusters, introducers and others involved from time to time.
The data we may collect about you (your personal data)
To identify suitable products for you we may need to collect certain information about you and those seeking cover. In particular we may need name, address, telephone number, email address, bank account details, credit card details, beneficiary details, declaration of health (name of family doctor, smoking and alcohol consumption, height, weight, medical conditions, current treatment), income/salary, net assets including savings and investments, occupation, travel arrangements, participation in hazardous sports, family history, previous application history, prior claims loss history.
We also have an obligation to comply with the law prior to accepting you as a client and thereafter this may require us to conduct regulatory, sanction and other fitness and properness checks on you either through direct questions to you or indirectly through third parties.
Although we do not administer claims we may receive claims related information about you, from yourself, connected beneficiaries, your representatives, insurers and their representatives.
Where we might collect your personal data from
We may collect your personal information in a number of different ways and at different times. We maintain a website and this has the ability to track visitors to it and their interest in its various pages. We also collect information about you when seeking quotes, obtaining cover, administering your policy (e.g. when handling complaints, processing renewals and forwarding claims).
Identities of data controllers and data protection contacts
We are a data controller and our details are shown below. Should you have a query in relation to the handling of your personal data please contact us marking it for the attention of the Data Privacy Officer.
Should you remain concerned you may wish to contact the Information Commissioner's Office who oversee GDPR in the UK. Their contact details are:
Information Governance department
Information Commissioner's Office
The purposes, categories, legal grounds and recipients of our processing of your personal data
In order to obtain quotes and to place cover, you will need to enter into a contract with us as your intermediary and with the insurer(s) providing your policy. This is the legal basis for us obtaining your personal data. The actual personal data requested is that we or your insurer believes is needed to assess the risk, meet regulatory or legal requirements and effect cover.
Your personal data may be passed to other intermediaries and insurers both when obtaining quotes as well as when placing your cover. Their details will be passed to you at that point. Your personal data may also be passed on to reinsurance intermediaries and reinsurers by the insurer to enable them to manage their own insurance risk and exposures. Details of such arrangements, where known, will be made available to you upon being advised by the relevant parties or otherwise following enquiry by you.
In order to provide insurance in certain circumstances, we may need to process special categories of personal data, such as medical records and criminal convictions. To do this we require your consent. This consent may not have been given to us directly but may have been given to an intermediary that you purchased your policy from. You may withdraw your consent to processing at any time by contacting the Data Privacy Officer. However, if you withdraw your consent this will impact our ability to provide insurance and pay claims.
Ordinarily we produce two editions of our International Insurance Insights (IN) magazine each year. These magazines are distributed to our customers via post and email and you may withdraw your consent to receive these publications at any time by contacting the Data Privacy Officer.
We also share relevant industry related articles on LinkedIn (https://www.linkedin.com) – if you would like to stop viewing these articles please refer to LinkedIn’s Settings and Privacy options.
We collect and use non-personal information in the following ways.
Internet Protocol (IP) addresses
When you visit our website, we log your IP address (the unique address which identifies your computer on the internet). We use IP addresses to collect broad geographic information on our site visitors. We do not link IP addresses to personally identifiable information.
In order to develop our site in line with our customers’ needs, Bellwood Prestbury keeps a track on which pages on our website are visited most frequently and how long visitors spend on our site using web page tagging. We use this information to help improve the site.
We never gather other information from your disk or computer. We collect a copy of the data held by the cookie for inclusion in any analysis. We use full SSL protocols when monitoring activity on secure pages; this ensures that the site's security is not compromised. We encrypt all transmitted data (even from non-secure pages), so no-one else can read the information we gather.
Retention of your personal data
Your personal data will only be kept for as long as it is necessary for the purpose it was collected for.
We only keep personal data for as long as necessary for the purpose(s) that it was provided for. We control our use of personal information according to our Data Retention Policy which stipulated the period for which all data is retained and subsequently disposed of. The length of this period depends on factors such as statutory or regulatory requirements and business requirements. Typically, this is for a maximum of 7 years after the conclusion of a policy or final settlement of a claim.
After this time, unless an exemption applies which allows us to keep it for longer, we will ensure that the relevant personal data is securely deleted.
We may need to share your data with other organisations outside the EU in order to administer your policy. This may include transfers to intermediaries, insurers, reinsurers, retrocessionaires, surveyors, lawyers, claims and risk assessors, auditors, bankers, regulators, ombudsman, Lloyd’s, transaction processors and those support contractors, some of whom may have operations outside the EU. Some countries outside the EU are considered to offer the same level of protection as the EU to data subjects and their personal data. Where this is not the case we may rely on model clauses in our agreements to provide the appropriate safeguards or we may seek your consent to such transfers although we will always seek to ensure that appropriate safeguards are in place before making such transfers. Further details are available on our web site or can be obtained by contacting us.
You have the right to:
a) Be informed about the controller(s) and processors of your data, their contact details, purpose of processing, any legitimate interests applying to processing, categories of personal data, transfers to third countries and safeguards and retention period for the data.
b) Request access to any personal data we hold about you and the lawful purposes for processing.
c) Have your data erased where it is no longer needed for the purposes for which it was held, where you can withdraw consent, where you can object to further processing, where we have processed your data unlawfully, where there is a legal obligation to do so or in certain specific circumstances where the data relates to a child.
d) Object to processing based on legitimate interests and direct marketing (including profiling).
e) Rectification of inaccurate data held and processed about you.
f) Restrict processing where the accuracy of the data is contested, where you are able to object to the processing, where processing is unlawful or where you need the data for legal purposes.
g) Data portability where your data is held by us or another controller, you have provided consent or the data is processed in accordance with your employment and the processing is carried out by automated means.
h) Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her similarly significantly affects you.
How we protect your information
Your privacy is important to us and we and those we share your personal data with follow strict security and organisational procedures in the processing, storage, destruction and disclosure of your information. This is to prevent unauthorised or unlawful processing and the accidental loss, destruction or damage of your information.
Changes to this information notice
If we make changes to this information notice that affects how we process your information, we will let you know and publish any changes on our website.