This Privacy Notice describes how ERGO UK Specialty Limited handles the personal information of the following individuals (“you“) in connection with our insurance policies and the operation of our business:
- Policyholders
- Prospective policyholders who request a quote, either directly or through an intermediary
- Individuals other than the policyholder who are (or may be) covered by our insurance policies (i.e., those individuals whose details are provided in connection with an application for insurance or who are covered by the insurance policy)
- Individuals who make a claim against one of our policyholders or an individual covered by the policyholder’s policy
- Witnesses of events associated with a claim
- Staff of our suppliers and service providers
- Staff of our third party business partners, including managing general agents, sub-coverholders, insurers and reinsurers
- Staff of our third party administrators
When we use the term “personal information” we mean information about a living, identifiable person.
When we use the term “we” or “ERGO” we mean ERGO UK Specialty Limited (company number 04516776) whose registered address is Munich Re Group Offices, 13th Floor, 10 Fenchurch Avenue, London, England, EC3M 5BN.
You may have purchased your insurance policy or applied for a quotation through an intermediary, e.g., a broker. Please contact them directly for further information on how they collect and process your personal information.
Overview
- We are a “controller” in relation to our processing of your personal information and we will hold and otherwise process such information in compliance with our obligations under applicable data protection law for the purposes set out in this Privacy Notice.
- For details on the type of information we collect about you, please see section 1.
- We only process your personal information where it is necessary, in accordance with applicable data protection law. Please see sections 2, 6, 7, 8 and 11 for information about how we use your personal information.
- We may share your personal information with certain third parties and transfer it outside the United Kingdom. Please see sections 3 and 4 for more information on these activities.
- We take steps to keep your personal information secure through appropriate physical, technical and organisational measures. Please see section 5 for further details on the measures we take.
- We will only keep your personal information for as long as is reasonably required, subject to certain legal and regulatory obligations. Please see section 9 for information about how long we keep your personal information.
- You have certain rights in relation to your personal information, including a right to request a copy of your personal information. Please see section 10 for information on your rights and how you may exercise them.
- If you have any queries or complaints, or would like to exercise your rights in relation to your personal information, please use the contact details set out in section 12.
1. What information do we collect about you?
We collect and process certain information about you in connection with (a) your insurance policy or quotation (or an insurance policy or quotation for a policy that you are a beneficiary of), (b) claims made against our policyholders or an individual covered by the policyholder’s policy or (c) the business relationship you have with us. In this Privacy Notice, we refer to this information as “personal information“.
We collect this information from a number of sources depending on the circumstances, including: you, the person who takes out a policy of insurance with us (i.e., the policyholder) (if that isn’t you), your representatives, intermediaries (e.g., brokers, financial advisers and our business partners, including coverholders who sell our insurance policies on our behalf), reinsurers, credit reference agencies, anti-fraud and crime prevention/detection databases and agencies, and publicly available sources.
We may also receive personal information from:
- our service providers, including claims handlers, loss adjusters, investigators and legal advisers;
- third parties relevant to your insurance or a claim under it, including claimants, defendants and witnesses to an incident; and
- government agencies and regulatory bodies.
We have set out below a list of the main categories of personal information we collect and use. Against each category, we have provided some examples of the types of personal information that fall within that category. The specific information we collect about you and where we collect it from will depend on the nature of our relationship with you.
| Category of personal information | Example of personal information processed |
| Individual information | • Name • Address • Contact details (e.g., telephone number and email address) • Government issued identification numbers (e.g., driving licence number and national Insurance number) • IP address • Recordings of telephone conversations you have with us • Date of birth and age • Nationality • Marital status • Gender • Family, lifestyle and social circumstances • Vulnerability data – information about your health, life events (e.g., loss of employment), resilience (e.g., ability to withstand financial shocks) and capability (e.g., knowledge of financial matters) that help us identify if you may need additional support so we can meet your needs |
| Financial information | • Income • Bank or payment card details • Credit history |
| Employment information | • Occupation • Employer • Job title • Employment history • Any professional disciplinary actions |
| Policy and claims information | • Quotes received • Insurance policies taken out and information relevant to your insurance (e.g., details of the property that is covered by the insurance) • Information about claims made against insurance policies, including historic claims • Photographs and video footage that is relevant to an insurance policy or claim, as well as statements and accounts from witnesses that are relevant to a claim |
| Anti-fraud information | • Information from sanctions, anti-fraud and anti-financial crime databases |
| Business information to the extent it comprises personal information | • Business description • Information about a business and its staff obtained during the due diligence / onboarding process • Information about a business and its staff obtained during the process of conducting business |
In addition to the above categories of personal information, we may also collect and use certain types of “sensitive personal information“. This includes health information, such as medical records, and criminal offence and activity information, such as criminal proceedings, cautions, court sentences, convictions and any alleged offences.
We may collect personal information about other individuals, such as employees, or members of your family or household, from you. We refer to those individuals as “you” in this notice when we describe how we use their personal information. If you provide us with information about other individuals, you should show this Privacy Notice to them and encourage them to read it so that they are aware of how and why ERGO uses their personal information (including any sensitive personal information). Please ensure that those individuals are happy for their personal information to be shared with us.
2. How and why do we use your personal information?
We collect and use your personal information for a number of business purposes, including to arrange and administer insurance policies, produce quotations, manage our business relationship with you, and to develop / offer new products and services, as well as to comply with our legal and regulatory obligations. If you do not provide us with certain personal information where required to enter into and perform an insurance contract, we will be unable to conclude or perform the contract.
We must have a lawful reason (as set out in data protection law) to collect and use your personal and sensitive personal information. The principal lawful grounds we rely on are as follows:
- Performance of a contract: the use of your personal information is necessary in order for you to enter into an insurance or other contract with us, or is required for us to perform our insurance or other contract with you.
- Legitimate interests: the use of your personal information is necessary for our legitimate interests or those of a third party. Our legitimate interests typically relate to business operation and administration (including improving our services, managing risk and our business efficiently, performing audits and maintaining accurate records). Where we rely upon this lawful basis, we have considered your rights and ensured that our interests (or those or a third party, if applicable) do not cause you undue detriment.
- Legal obligation: the use of your personal information is necessary for us to comply with a legal or regulatory obligation. This does not cover foreign laws and regulations which we may be required or choose to comply with; where our processing of your information is to comply with foreign laws and regulations, our lawful basis is legitimate interests (it being in our legitimate interests (and society more generally) to comply with those laws and regulations).
Consent is another lawful ground (i.e., where we have your consent to use your personal information). For most of our uses of personal information, we do not need or rely on consent. Where we do rely on your consent, you may withdraw your consent to processing at any time by contacting the Data Protection Officer using the details provided in section 12.
Where we process sensitive personal information, such as health and criminal offence data, we are required to have an additional legal condition for processing. The principal conditions we rely on in the UK are as follows:
- Insurance purpose: the use of your sensitive personal information is necessary for an insurance purpose, including arranging, underwriting and administering a contract of insurance, handling claims, and exercising rights or complying with obligations that arise in connection with the insurance contract, including legal rights and obligations.
- Preventing or detecting unlawful acts (including fraud and other criminal activity).
- Legal rights: the use of your personal information is necessary for the purposes of establishing, exercising or defending our legal rights.
- Safeguarding of individuals at risk: the use of your sensitive personal information is necessary for protecting the economic wellbeing of an individual at risk.
- Consent: you have provided explicit consent to the processing of your sensitive personal information. Note, where relevant, this consent may have been given to an intermediary (e.g., a broker) from whom you purchased your policy or an administrator handling your claim. You may withdraw your consent to processing at any time by contacting the Data Protection Officer using the details provided in section 12.
We have set out our reasons for processing your personal information, the categories of information concerned and the corresponding lawful bases in further detail below.
| Reason for processing your personal information | Category of personal information processed | Lawful basis of processing | Lawful basis for processing sensitive personal information (if applicable) |
|---|---|---|---|
| To arrange and administer a quotation and / or application for insurance | Individual information Financial information Employment information Policy and claims information Anti-fraud information Sensitive personal information | Performance of a contract or legitimate interests where our contract of insurance is not with you Our legitimate interest is to offer insurance products that extend cover beyond the policyholder | Insurance purpose Safeguarding of individuals at risk |
| To evaluate and price the risks to be insured and validate any appropriate premium | Individual information Financial information Employment information Policy and claims information Anti-fraud information Sensitive personal information | Performance of a contract or legitimate interests where our contract of insurance is not with you Our legitimate interest is to offer insurance products that extend cover beyond the policyholder | Insurance purpose Safeguarding of individuals at risk |
| To enter into a contract of insurance, including providing you with insurance documentation | Individual information Financial information Employment information Policy and claims information Anti-fraud information Sensitive personal information | Performance of a contract or legitimate interests where our contract of insurance is not with you Our legitimate interest is to offer insurance products that extend cover beyond the policyholder | Insurance purpose Safeguarding of individuals at risk |
| To manage and administer the insurance policy, including collecting any appropriate premium and to communicate with you in relation to the insurance policy | Individual information Financial information Employment information Policy and claims information Anti-fraud information Sensitive personal information | Performance of a contract or legitimate interests where our contract of insurance is not with you Our legitimate interest is to offer insurance products that extend cover beyond the policyholder We may also rely on legitimate interests to communicate with you and provide you with helpful information where this is not strictly necessary to perform the insurance contract We may also have legal or regulatory duties that that require us to send certain communications to you; where this is the case, our legal basis is legal obligation | Insurance purpose Safeguarding of individuals at risk |
| To investigate, process and manage claims | Individual information Financial information Employment information Policy and claims information Anti-fraud information Sensitive personal information | Performance of a contract or legitimate interests where our contract of insurance is not with you Our legitimate interest is to offer insurance products that extend cover beyond the policyholder and to investigate, process and manage claims by and against our policyholders and insureds | Insurance purpose Legal rights |
| To establish, enforce and defend our legal rights, including to pursue or defend litigation | Individual information Financial information Employment information Policy and claims information Anti-fraud information Business information Sensitive personal information | Legitimate interests Our legitimate interest is to establish, enforce and defend our legal rights to protect our business, shareholders, employees and customers | Insurance purpose Legal rights |
| To assess mid-term adjustments and renewals, and process policy cancellations | Individual information Financial information Employment information Policy and claims information Anti-fraud information Sensitive personal information | Performance of a contract or legitimate interests where our contract of insurance is not with you Our legitimate interest is to offer insurance products that extend cover beyond the policyholder | Insurance purpose Safeguarding of individuals at risk |
| To investigate and respond to complaints | Individual information Financial information Employment information Policy and claims information Sensitive personal information | Legitimate interests; our legitimate interest is to ensure effective investigation and resolution of complaints We may also have legal or regulatory duties that affect the handling of a complaint and how long we need to keep personal information in relation to a complaint; where this is the case, our legal basis is legal obligation | Insurance purpose Legal rights |
| To comply with our legal and regulatory obligations, including complying with a court order and undertaking audits | Individual information Financial information Employment information Policy and claims information Anti-fraud information Business information Sensitive personal information | Legal obligation or legitimate interests where the legal or regulatory obligation is derived from a foreign law or regulation | Insurance purpose Legal rights |
| To conduct legally required sanctions, fraud, credit and anti-money laundering checks | Individual information Financial information Employment information Policy and claims information Anti-fraud information Business information Sensitive personal information | Legal obligation or legitimate interests where the legal or regulatory obligation is derived from a foreign law or regulation | Insurance purpose Preventing or detecting unlawful acts |
| For crime and fraud investigation, prevention and detection which is not required by law, but is done to protect our business and customers | Individual information Financial information Employment information Policy and claims information Anti-fraud information Business information Sensitive personal information | Legitimate interests It is in our legitimate interests (and society more generally) to investigate, prevent and detect criminal and fraudulent activity, even where we do not have a strict legal obligation to do so | Insurance purpose Legal rights Preventing or detecting unlawful acts |
| To manage our business operations, such as maintaining business and policy records | Individual information Financial information Employment information Policy and claims information Anti-fraud information Business information Sensitive personal information | Legitimate interests Our legitimate interest is to ensure the effective and efficient management and administration of our business, and to protect our business, shareholders, employees and customers | Insurance purpose Legal rights |
| To develop new products and improve our services (including through the provision of staff training and by undertaking market research) | Individual information Financial information Employment information Policy and claims information Anti-fraud information Business information Sensitive personal information | Legitimate interests Our legitimate interest is to develop and improve our products and services to ensure we remain competitive and provide products and services to meet our customers’ needs | Insurance purpose |
| To conduct research (and for wider statistical purposes) | Individual information Financial information Employment information Policy and claims information Business information Anti-fraud information | Legitimate interests Our legitimate interest is to carry out research for various purposes to more effectively pursue our business and commercial objectives. This includes research to better understand our customers | |
| To conduct direct marketing | Individual information Financial information Employment information Policy and claims information Business information Anti-fraud information | Legitimate interests or consent (where we obtain your consent in order to undertake direct marketing) Our legitimate interest is to market and promote our products and services You may opt-out of direct marketing at any time by contacting the Data Protection Officer using the details provided in section 12. | |
| To manage and administer our relationship with, and records of, our suppliers, service providers, third party business partners and third party administrators | Individual information Financial information Employment information Anti-fraud information Business information Sensitive personal information | Legitimate interests Our legitimate interest is to effectively and efficiently manage and administer our relationships with our suppliers, service providers, third party business partners and third party administrators | Legal rights Preventing or detecting unlawful acts |
| To onboard our suppliers, service providers, third party business partners and third party administrators | Individual information Financial information Employment information Anti-fraud information Business information Sensitive personal information | Legitimate interests Our legitimate interest is to effectively and efficiently manage and administer our relationships with our suppliers, service providers, third party business partners and third party administrators, including through our onboarding process | Legal rights Preventing or detecting unlawful acts |
| To process payments to our suppliers, service providers, third party business partners and third party administrators | Individual information Financial information Anti-fraud information Business information | Legitimate interests Our legitimate interest is to pay our suppliers, service providers, third party business partners and third party administrators in accordance with our commercial arrangements |
3. Sharing your personal information
Where necessary to do so in connection with the purposes listed in
section 2, we may share the personal information we receive with other organisations. This includes:
- other organisations involved in arranging and administering contracts of insurance, and claims made under them. This includes: brokers; financial advisers; our business partners; reinsurers and other insurers (including our insurers and reinsurers); loss adjusters; investigators; and claims handlers;
- other members of the ERGO group of companies, including the Great Lakes and Munich Re companies; and
- our service providers, including our law firms, accountants, auditors, other professional advisors, our financial institutions and our IT, information security and back office systems providers.
We may also share personal information with regulatory bodies such as the Financial Conduct Authority (FCA), Financial Ombudsman Service (FOS) and the Information Commissioner’s Office (the ICO).
We may also share your personal information with law enforcement, fraud and financial crime detection, credit reference and debt collection agencies and within the ERGO group of companies to (as the case may be):
- assess financial and insurance risks;
- recover debt; and
- prevent and detect crime, including fraud.
If we buy or sell any business or assets, we may disclose personal information held by us to the prospective seller or buyer of such business or assets. If we or substantially all of our assets are purchased by a third party (or subject to a reorganisation within our group of companies), personal information held by us will be one of the transferred assets.
Except for the disclosures described above, we will not disclose your personal information to anyone outside the ERGO group of companies except:
- Where we have your permission to do so;
- Where we are required or permitted to do so by law;
- To other companies where required in connection with the provision of a service to us or you; or
- Where we transfer rights and obligations under an insurance policy.
4. Transfer of personal information outside the United Kingdom
In relation to the personal information sharing described in section 3, your personal information may be shared with recipients located outside the United Kingdom.
Where this happens, your personal information will be held securely and handled in accordance with applicable data protection law.
Personal information will not be transferred outside the United Kingdom unless it is to a country which is considered to have equivalent standards with regard to data protection to those in the United Kingdom, or we have taken reasonable steps to ensure that suitable data protection safeguards are in place (e.g., appropriate contractual arrangements to protect your privacy).
Please contact the Data Protection Officer using the details in section 12 for more information on these safeguards.
5. Keeping your personal information secure
We follow strict technical, physical and organisational procedures in the processing, storage, disclosure and destruction of your personal information. This is to protect against unauthorised access or damage to, or disclosure or loss of, your personal information. If you have any concerns or queries regarding how we keep your personal information secure, please contact our Data Protection Officer using the details in section 12.
6. Call monitoring and recording
For quality control, training and monitoring purposes and to audit the evaluation process for the pricing of risks to be insured and the way in which claims are handled, we may record telephone calls made with us or the broker or other organisation from whom you purchased your policy (where relevant).
7. Information collected through electronic methods
If you contact us via an electronic method, we may record your internet electronic identifier (i.e., your internet protocol (IP) address). Your telephone company may also provide us with your telephone number.
We also use cookies and similar technologies to enable us to remember when you visit our websites and to improve your customer experience. When you visit our website, we may record your device information (including IP address) and when and how you interact with our websites.
To find out more about our use of cookies and related technologies, please read our Cookie Policy on our website (https://www.ergoinsurance.co.uk/policies/cookie-policy).
8. Fraud and other financial crime
We use personal information to detect and prevent fraud and other financial crime, including to meet our legal and regulatory responsibilities. We use information provided by you and other sources (including public registers and fraud prevention / detection agencies and databases) for this purpose.
We may also use personal information, including details of our interactions with you, to help us detect fraud committed by brokers or financial advisers or to identify where you or a third party may be at risk of fraud or other financial crime.
If you give us false or inaccurate information and we suspect fraud, we will record this to prevent further fraud and money laundering and this may be shared with other parties.
9. Data retention
We will hold your personal information for as long as is reasonably required for the purposes described in this Privacy Notice, including to meet our legal, regulatory, tax and accounting obligations and to keep an accurate record of your dealings with us, so we can respond to any complaints, claims or challenges you or others might raise later.
The specific retention period for your personal information will depend on the relationship you have with us and the reasons we hold your personal information.
For further information on our retention periods, please contact our Data Protection Officer using the details in section 12.
10. Your individual rights
You have a number of rights in relation to your personal information. In summary, these include the following:
- Access: the right to access and receive a copy of the personal information we hold about you, as well as information around its processing.
- Data Portability: the right to receive a portable copy of your data and the right to transfer your personal information to another organisation.
- Erasure: the right to have your personal information deleted from our systems. There are certain circumstances where this right will not apply, e.g., where we have to retain your personal information to comply with a legal obligation.
- Rectification: the right to have your personal information corrected if it is inaccurate and completed if it is incomplete. Please inform us promptly of any changes to your circumstances so we can update the personal information we hold on you.
- Restrict Processing: the right to restrict or suppress (i.e. suspend) our processing of your personal information in certain circumstances.
- Objection: the right to object to our processing of your personal information in certain circumstances (e.g., where processing relies upon the legitimate interests lawful basis – see section 2 above), including an absolute right to object to direct marketing.
- Withdrawing your consent: Where we rely on your consent to use your personal information, you can subsequently withdraw your consent at any time.
- Automated decision making: Automated decision making (i.e., a decision made automatically by our systems without human intervention) may be used as part of our underwriting process to generate a quote. Depending on the information provided, our system will automatically generate a quote, refer the application for further (non-automated) consideration by a member of our staff or decline the application. In these circumstances, you may have the right to challenge the decision that has been made automatically and request that a member of our staff review that decision.
Please note that these rights may only be available in certain circumstances and are subject to certain exemptions. If we are unable to fulfil a request, we will always let you know our reasons to the extent we are able to do so.
If you would like to exercise any of your rights, please contact our Data Protection Officer using the details in section 12. We may need to confirm your identity before we can respond to your request.
11. Employers’ Liability Tracing Office
If you have a policy with us which provides Employers’ Liability cover, information relating to your insurance policy will be provided to the Employers’ Liability.
Tracing Office (“ELTO”) and added to an electronic database, in a format set out by the Employers’ Liability Insurance: Disclosure by Insurers Instrument 2011 and subsequent Instruments.
The ELTO database assists individual claimants who have suffered an injury or disease arising out of their course of employment whilst working for employers carrying on, or who carried on, business in the UK and as a result are covered by the employers’ liability insurance of their employers:
- to identify which insurer (or insurers) was (or were) providing employers’ liability cover during the relevant periods of employment; and
- to identify the relevant employers’ liability insurance policies.
The database and the data stored on it may be accessed and used by claimants, their appointed representatives, insurers with potential liability for UK commercial lines employers’ liability insurance cover and any other persons or entities permitted by law. The database is managed by the ELTO and further information can be found on the ELTO website (http://www.elto.org.uk).
12. Contact and complaints details
Please contact the ERGO Data Protection Officer if you have questions regarding this Privacy Notice or your rights, including if you wish to exercise your rights set out in section 10.
You can contact the Data Protection Officer at:
Data Protection Officer
ERGO UK Specialty Ltd
Munich Re Group Offices
10 Fenchurch Avenue, London
EC3M 5BN
Telephone: 0121 200 5825
Email: dataprotectionofficer@ergo-specialty.co.uk
If you are unhappy with any response given or have a complaint, you can raise this with:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow, Cheshire
SK9 5AF
Website: https://ico.org.uk/
If you would like this Privacy Notice in an alternative format, please contact the Data Protection Officer using the details above.
13. Changes to this Privacy Notice
We may amend this Privacy Notice from time to time (e.g., to keep it up to date or to comply with legal requirements). We review our Privacy Notice regularly and will place any updates on our website.
This Privacy Notice was last updated on 25th October 2024
8. Fraud and other financial crime