Privacy Notice – Clients and Website Users
This Privacy Notice contains important information on who we are, how and why we collect, store, use and share personal information relating to individuals during our business relationship with clients, or through your use of our website, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint. “You” and “your” relates to the individuals whose personal data we process in connection with our businesses.
Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Who we are
This notice applies to CBC UK Limited, Bell Risk Analysis Limited and Paladin Holdings Limited. CBC UK Limited is owned by Paladin Holdings Limited and the data may be shared with Paladin and its subsidiaries. See ‘Data controllers’ below for more information on other entities that may control and process your personal information.
The personal information we collect and use
In the course of our business and for the purpose of procuring an insurance contract and managing that contract or any claims made under that contract we collect the following personal information from you or our client (as applicable)
- Your name (including name prefix or title) and your title or position
- Identification and background information provided by you or collected as part of our business acceptance processes or where required to comply with applicable law or regulation
- Contact information, such as your postal address, email address and phone number(s)
- Technical information that is required in order to arrange the specific insurance being arranged
- Information that includes personal financial details, health details, previous insurance experience and where relevant criminal records such as motoring convictions for procurement of motor insurance.
- Information relating to your activities, interests or private life where you include them in any messages or conversations sent to our staff
- Any other information relating to you which you may provide or make available to us
Information collected from other sources
Where we are providing services to you, or you correspond with us, we also obtain personal information from other sources as follows:
- Credit reference providers, sanction and legal screening providers, registries, Companies House or other organisations that help us and others to reduce the incidence of fraud or in the course of carrying out identity, fraud prevention or credit control checks
- While monitoring our technology tools and services, including our websites and email communications sent to and from CBC
- Clients, such as other brokers or companies that may use us to procure an insurance contract for themselves, or on behalf of their clients
The purposes for which we use your personal information
We use your personal information to:
- Perform our contractual obligations to our clients, to undertake information management, compliance and regulatory reporting and to meet our obligations under applicable law and regulation;
- Provide information requested by you including information on our services;
- Manage and administer our relationship with you and our clients;
- Monitor compliance with applicable law and regulation in order to detect wrongful activity;
- Fulfil our legal, regulatory and risk management obligations, including oversight of our services provision and the use of our services, establishing, exercising or defending legal claims and including statutory and other audits arranged by the firm, its group or any other stakeholder;
- Make administrative arrangements relating to our services provision to you such as managing your access to certain systems and information;
- Comply with health and safety obligations (where you attend any of our locations);
- Enable us to comply with our internal governance policies aimed at preventing or detecting fraud or where you exercise any of your rights in relation to your personal data;
- Comply with your instructions for the use of your personal information, such as corresponding with your agents;
- Take any necessary steps in relation to your conduct or our client’s relationship with us; and
- Subject to you notifying us otherwise, to promote our services where you have received services of a similar nature previously, or when the insurance product renews or we reasonably believe that they will be of interest to you, including sending research, publications and details of our services.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
Use of CBC’s website
To enable our website to work, we use “Cookies”. A “Cookie” is a small text file sent by our web server to your browser. If your browser is set to accept cookies then this will be stored on your hard drive by your web browser. The Cookies used on this website are as follows:
Cookie Purpose Duration
_ga Statistical data 2 years
_gat request rate throttle Session
_gid statistical data on visit Session
Collect device/behavior tracking Session
These Cookies are essential to the normal operation of the website and do not collect personally identifiable information.
Who we share your personal information with
Any information that you provide to us may be shared with and processed by any entity in our group where they support us in the provision of our services. We may also share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:
1.1. Insurance companies and other brokers, that we use to procure the insurance contract for our clients;
1.2. Loss adjusters, risk managers and other experts that assist with placement of risks or handling of claims;
1.3. Third parties which provide services to us including those which we use for the performance of our obligations under our agreements with clients, information management, to undertake compliance, risk, financial and regulatory reporting and to meet our obligations to our regulators. This may include markets, market and insurer systems/portals and exchanges, where necessary, to provide the services you have requested or where required by applicable law or regulation;
1.4. For London Systems UK Limited and Callidus Solutions Limited, please see below 1.41 and 1.4.2.
1.4.1. London Systems UK Limited who provide IT services and assistance and their privacy notice can be found on their website at https://www.lonsys.co.uk/privacy-policy.php
1.4.2. Callidus Solutions Limited for Compliance services and their privacy notice can be found on their website at https://www.callidusconsult.com/privacy-policy
1.5. Online payment service providers where card payments are made via phone;
1.6. Archiving providers for physical files, electronic files and emails;
1.7. Credit provider where requested to do so by you or your principals;
1.8. Credit reference agencies or other organisations that help us and others reduce the incidence of fraud or in the course of carrying out identity, sanction screening, legal screening, fraud prevention or credit control checks;
1.9. Third parties which act on your behalf such as your agents or those who you request us to correspond with during our services provision to you;
1.10. Third parties to whom we transfer or propose to transfer any part of our business; and
1.11. Regulatory agencies, courts, tribunals, law enforcement or other authorities if required by applicable law or regulation.
In some cases your personal information may be transferred to countries outside European Economic Area where such third parties reside, perform their services or maintain any technical connection necessary for the provision of such services. In those cases, except where the relevant country has been determined to ensure an adequate level of data protection by the European Commission, we will ensure that the transferred Personal information is protected by a data transfer agreement in the appropriate standard form approved for this purpose by the applicable regulator.
Where we transfer your personal information pursuant to your request
You have certain rights relating to your personal information that are referred to below and one of them is your right to request that we transfer your personal information to a third party in certain circumstances. If we make such a transfer, we will not be responsible for that third party’s use and onward disclosure of your personal information nor will we provide any details to you as to that third party’s use or security measures. You will therefore need to contact the third party for such details.
Whether information has to be provided by you, and if so why
The provision of the types of personal information referred to above is necessary for the purposes of enabling us to provide services to our clients and to comply with applicable law and regulation.
How long your personal information will be kept
We will retain personal information for as long as necessary for the purpose for which it has been collected and is processed for or as required under applicable regulation and law. We believe that we are acting in your interest as claims or queries can often occur after an insurance contract has expired, so that our retention of the information will help us assist you in any queries you may have.
Reasons we can collect and use your personal information
Our use, disclosure and other processing of the Personal information obtained is permitted by applicable regulation and law because it is (i) necessary for the purposes of our legitimate interests in pursuing the purposes set out above; (ii) data protection legislation may provide that processing for insurance purposes is in the substantial public interest; (iii) you may have provided consent to our processing of your sensitive personal data in accordance with the purposes set out in our Terms of Business Agreement; and/or, in some cases, (iv), necessary so that we can comply with applicable law and regulation. In relation to marketing materials, the firm does not have large marketing campaigns and it is likely that you have a direct relationship with one of our brokers. Whilst we are able to process your personal data for the purposes of sending you such materials where you are an existing client and have been notified of your right to withdraw consent to receiving them or they relate to the same or similar services you have received from us unless you notify us otherwise. If you wish to unsubscribe from receiving marketing materials from us please email email@example.com and the relevant broker(s) (where applicable).
Data controllers and joint controllers
Where any undertakings or entities are joint controllers, the arrangements between them include the details set out in this notice as to the purpose of their processing and who they share the personal information with, that they will each deal with requests from individuals that wish to exercise their rights to their personal information to the extent applicable to the receiving undertaking or entity and shall liaise with the other joint controllers in that regard where necessary and that they will each hold the personal data securely and protect its privacy by using a range of industry standard practices such as access control, encryption and monitoring.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Under certain circumstances, you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). There may be cases where we are lawfully not able to provide access. In those cases, access will be provided to the extent that we are lawfully able to.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. There may be cases where we need to retain your personal information and these include where we need to comply with legal or regulatory obligations, for the purposes of legal claims or for archiving. Where we are lawfully able to retain your personal information, we are not required to erase it on your request but our processing of it may be restricted.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. There may be cases where we need to process your personal information and these include where we need to comply with legal or regulatory obligations, for the purposes of legal claims or where we have a legitimate interest that overrides your interests. Where we are lawfully able to continue to process your personal data, we are not required to stop if you object
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
- Request the transfer of your personal information to another party in certain situations. This applies to personal data on which we have carried out automated processing. Our processing of personal data involves human involvement and is not purely automated.
- Lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113
If you would like to exercise any of those rights, please:
- email us at firstname.lastname@example.org
- let us have enough information to identify you and who you trade with
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill or a copy of your authority where relevant), and
- let us know the information to which your request relates , including any account or reference numbers, if you have them
If you wish to unsubscribe from receiving marketing materials from us please email Complaints@cbcinsurance.co.uk and the relevant broker(s) (where applicable).
Where appropriate, we will respond to your requests relating to your personal data in writing or by email. If you require our response in a different format, please let us know.
Keeping your personal information secure
We use current industry standard technology to maintain the confidentiality and accuracy of the information stored on our systems. As no data transmission over the internet can be entirely secure, we cannot guarantee that any information submitted electronically to us will be free from unauthorised third party use or intrusion. You should therefore satisfy yourself that your own information technology/equipment used to access our websites and electronic services is protected against such viruses and/or codes. We have security measures in place in respect of our systems and physical facilities to protect against loss, misuse or unauthorised alteration of the information stored on our premises. Further details of these measures can be requested by emailing email@example.com.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Individuals under the age of 18 should not send any information about themselves to us, including their name, address or e-mail address. We do not knowingly collect personal information from individuals under the age of 18 during the course of providing our services. In the event that we learn that we have collected such information in such circumstances from any individual under the age of 18, the information will be deleted as soon as reasonably possible.
Changes to this privacy notice
We may change this privacy notice from time to time. You should check this notice occasionally to ensure you are aware of the most recent version.
How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you at firstname.lastname@example.org.