PRIVACY STATEMENT

Cincinnati Global is responsible for the management of Syndicate 318 Underwriters at Lloyd’s

Introduction

Cincinnati Global Underwriting Ltd. operates through Cincinnati Global Underwriting Agency Ltd., which is the Lloyd’s managing agent for Cincinnati Global Syndicate 318. Collectively, the group is known as Cincinnati Global.

Cincinnati Global strives to protect the privacy and the confidentiality of personal data that the company processes in connection with the services we provide to our commercial clients, our employees and individual policyholders. Our services consist primarily of insurance underwriting and claims handling.

To underwrite insurance cover and handle insurance claims, Cincinnati Global and other participants in the insurance industry are required to use and share personal data. An overview of how and why the insurance industry is required to use and share personal data, the LMA Notice, is provided in the Insurance Market Core Uses Information Notice that is available on the website of a United Kingdom insurance industry association, the Lloyd’s Market Association. Our organisation’s use of personal data is consistent with the LMA Notice.

During the insurance lifecycle, we will receive personal data relating to potential or actual policyholders, beneficiaries under a policy, their family members, claimants and other parties involved in a claim. Therefore, references to “individuals” in this notice include any living person from the preceding list, whose personal data Cincinnati Global receives in connection with the services we provide under our engagements with our clients. This notice sets out our uses of this personal data and the disclosures we make to other insurance market participants and other third parties.

 

Privacy Notice

This notice explains what we do in relation to collecting, storing and processing personal data. If you believe that we may hold personal data, and you are the data subject, you have various rights under relevant legislation including rights of access.

The personal data we hold, the purposes for which we hold it and what we do with it will be different for different parties.

 

Further Information

This privacy notice does not extend to other sites accessible via links on this website. Where you access other websites via these links, you should read the privacy notices contained on those sites and we can take no responsibility for personal data held or processed by the organisations concerned.

The information below describes the purposes and means by which we process personal data and the scope of use and sharing with other parties. The limitations on scope in relation to sharing with other parties do not apply where we are obliged by law or regulation to a party entitled to receive the personal data.

 

People who visit our website

We do not hold any Personal Data about visitors to our website and our contract with Google Analytics does not permit them to do so either.

 

People who send emails to us

You should be aware that unless we have established Transport Layer Security or other technical means, email traffic between us may be vulnerable to interception.

If an email you sent to us was intended for our sole use, and that was made clear to us, we will not share it with other parties or provide your contact details.

If an email was sent to us in connection with an insurance policy or claim where we are acting on behalf of you or your client, we may share such emails with (re)insurers, or their agents, in connection with the relevant insurance policy or claim.

 

People who complain to us

The insurance policies you have bought from us set out the process and contact points for dealing with complaints. Where we receive a complaint in relation to our services, we will file that information together with other complaint details gathered by us in the course of investigating and resolving the complaint. This information and any personal data will not be shared with any other organisation.

Where we receive complaints about the services of another party; such as an insurance broker or claims administrator, we will pass details of the complaint – including any personal data provided to us – to the party responsible for the provision of the services. We will advise you where we do this. We will retain a summary of the details for use in analysing the overall service experience of our clients and policyholders.

 

Policyholders

Whilst our activities are primarily concerned with providing insurance cover to commercial policyholders, in the course of quoting and insuring these insurance policies we may have been provided with personal data; for example, details of the owners or directors of the firm.

We will only ever use this information in the course of activities necessary to enter into or fulfil an insurance contract and where required as part of the claims process. We will supply this information to our agents for these purposes but will otherwise not provide personal data to other parties.

 

Claimants

In the course of collecting the information we or our agents need to enable us or them to agree to pay a claim, we may be provided with additional personal data where the claim is on behalf of the persons who purchased or are named in the policy.

We may also be provided with personal data, including sensitive or medical data, by third parties alleging that they have suffered an injury or other loss caused by the policyholder.

We will only ever use personal data obtained and processed as part of the claims process for the purpose of recording, communicating with our agents or administrators, or – with respect to our own administration activities – to resolve the claim.

 

Agents, Producing Brokers, and (Re)insurers

In the course of our dealings, we may be provided with personal data relating to the owners, directors, managers and other individuals in your organisation, including email addresses and telephone numbers.

This information will only be held and processed in connection with efficiently managing our business relationship and in that respect will be shared with those of our employees involved in the business between us.

 

People employed by us

We need to hold a range of personal data related to employees, provided by employees and also gathered in the course of employment.

We will have informed you in detail about the personal data we hold or expect to hold, the purposes for which it is processed, and asked you to consent in writing to your personal data being held and processed in this way. We will also have told you about your various rights under the legislation.

 

People in contact with us about employment

If you, or your agent (e.g. a recruitment firm) have been in contact with us in relation to a possible position that did not result in you taking up a position with us, certain personal data will have been shared with you.

If you sent the personal data directly to us, we will have acted on the basis that you consented to us holding and processing the data for the purpose of a potential job role. If the personal data was sent to us by an organisation to whom you provided it in relation to employment, we will similarly have acted on the basis that you consented to the data being provided.

Our policy is to destroy all such personal data within 12 months of receipt unless we are at that time actively in discussions about a possible specific employment role.

 

Limiting Collection and Retention of Personal Information

We collect, use, disclose and otherwise process personal data that is necessary for the purposes identified in this privacy notice or as permitted by law. If we require personal data for a purpose inconsistent with the purposes we identified in this privacy notice, we will notify clients of the new purpose and, where required, seek individuals’ consent (or ask other parties to do so on Cincinnati Global’s behalf) to process personal data for the new purposes.

Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When personal data is no longer needed, we either irreversibly anonymise the data (in which case we may further retain and use the anonymised information) or securely destroy the data.

Individuals may request additional information about the specific safeguards applied to the export of their personal data.

 

Safeguards

We have in place physical, electronic and procedural safeguards appropriate to the sensitivity of the information we maintain. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the personal data, and include measures designed to keep personal data protected from unauthorized access. If appropriate, the safeguards include the encryption of communications via Secure Sockets Layer, encryption of information during storage, firewalls, access controls, separation of duties and similar security protocols. We restrict access to personal data to personnel and third parties that require access to such information for legitimate, relevant business purposes.

 

Cross–Border Transfer of Personal Information

Cincinnati Global transfers personal data to, or permits access to personal data from, countries outside the European Economic Area, or EEA. These countries’ data protection laws do not always offer the same level of protection for personal data as offered in the EEA. We will, in all circumstances, safeguard personal data as set out in this privacy notice.

Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections as EEA data protection laws. European Union data protection laws allow Cincinnati Global to freely transfer personal data to such countries.

If we transfer personal data to other countries outside the EEA, we will establish legal grounds justifying such transfer, such as individuals’ consent, or other legal grounds permitted by applicable legal requirements.

Individuals can request additional information about the specific safeguards applied to the export of your personal data.

 

Accuracy, Accountability, Openness and Your Rights 

We strive to maintain personal data that is accurate, complete and current. Individuals should contact us at compliance@cinfinglobal.com to update their information.

Questions regarding our privacy practices should be directed to Cincinnati Global’s Data Protection Officer using the contact details in the Questions, Requests or Complaints section below.

Under certain conditions, individuals have the right to request Cincinnati Global to*:

  1. provide further details on how we use and process their personal data;
  2. provide a copy of the personal data we maintain about the individual;
  3. update any inaccuracies in the personal data we hold;
  4. delete personal data that we no longer have a legal ground to process; and
  5. restrict how we process the personal data while we consider the individual’s enquiry.

In addition, under certain conditions, individuals have the right to:

  1. where processing is based on consent, withdraw the consent;
  2. object to any processing of personal data that Cincinnati Global justifies on the “legitimate interests” legal grounds, unless our reasons for undertaking that processing outweigh any prejudice to the individual’s privacy rights; and
  3. object to direct marketing (including any profiling for such purposes) at any time.

These rights are subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g., the maintenance of legal privilege). We will respond to most requests within 30 days.

If we are unable to resolve an enquiry or a complaint, individuals have the right to contact the UK data protection regulator, the Information Commissioner’s Office.

*Some of the rights in this “accuracy, accountability, openness and your rights” section only apply under European data protection law from 25 May 2018. Prior to this date, Cincinnati Global will only handle requests to exercise those rights that are available under data protection law applicable at that time, including the right to access personal data, the right to have inaccuracies in personal data rectified and certain rights to object to the processing of personal data.

 

Questions, Requests or Complaints

To submit questions or requests regarding this privacy notice or our privacy practices, please write to our data protection officer at the following address:

 

The Data Protection Officer
Cincinnati Global Underwriting Ltd.
Third Floor, One Minster Court
Mincing Lane
London EC3R 7AA

E-mail: compliance@cinfinglobal.com

Tel: +44(0)20 7220 8264
Fax: +44(0)20 7220 8290