Hiscox is committed to protecting your privacy. This Fair Processing Notice (this "Notice”) sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this Notice carefully. When using a Hiscox website, this Notice should be read alongside the website terms and conditions.
Hiscox is an international insurance business. We offer insurance to individuals, companies and other insurers. We do this both by providing insurance ourselves and by placing insurance with other insurers.
We need to collect and process data about our investors and certain other corporate third parties such as analysts and journalists. This makes the relevant Hiscox company a "data controller". In this Notice we use "we" or "us" or "Hiscox" to refer to the organisation acting as data controller of your information.
The specific company acting as a data controller of your personal information will be listed in the documentation we provide to you. If you are unsure you can also contact us at any time by e-mailing us at [email protected], or by post to the Data Protection Officer, 1 Great St Helen's, London, EC3A 6HX.
The personal information that we collect will depend on your relationship with us. We will collect different personal information depending on whether you are a Hiscox shareholder, analyst, journalist or another third party.
Please click on the relevant section below for detailed information about the types of personal information we are likely to collect and use about you in different circumstances.
This section will apply if you are a prospective shareholder of Hiscox.
General information such as your name, and contact details.
We will not collect any sensitive personal information about prospective shareholders.
We will not collect any sensitive personal information about prospective shareholders.
third parties involved in the purchase of shares;
inancial institutions or advisors (such as banks) who act as intermediaries to the share purchase;
investment managers and stockbrokers;
online trading platforms;
third party administrators and suppliers we appoint to help us carry out our everyday business activities including IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers; and
our own websites.
We may use your information for a number of different purposes. For each purpose we must have a “legal ground” to use your personal information in such a way.
We need to use your personal information to enter into a contract that we hold with you. For example, we need to use your personal information to enter into your share purchase agreement.
We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
We have an appropriate business need (sometimes call a "legitimate interest") to use your personal information. We will rely on this for activities such as maintaining our business records.
You have provided your consent to our use of your personal information.
third party administrators and suppliers we appoint to help us carry out our everyday business activities including IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers;
You will find further details of our "legal grounds" for each of our processing purposes set out below.
| Purpose for processing | Legal grounds for using your personal information |
|---|---|
To comply with our legal or regulatory obligations to maintain updated statutory books with a full list of shareholders. |
We have a relevant legal obligation to maintain up to date statutory books |
To communicate with you in relation to your shares and notify you of General Meetings. |
It is necessary to enter into or perform your share purchase agreement We have a relevant legal or regulatory obligation. We have an appropriate business need (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately). |
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys) |
We have an appropriate business need (to effectively manage our business and communicate with our shareholders). |
From time to time, we may share your personal information with the other companies in our group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below for the purposes set out above.
If you would like further information regarding the disclosures of your personal information, please contact us using the details set out in section 8 below.
Where relevant, we will share your personal with:
other companies in the Hiscox group, including where:
necessary for our business administration purposes;
we need to report information within our group of companies.
our regulators;
the police and other third parties (such as banks or other insurance companies);
our third party services providers, such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers and tax advisers;
selected third parties in connection with any sale, transfer or disposal of our business;
or where necessary, courts and other alternative dispute resolution providers (such as arbitrators and mediators).
This section will apply if you are a current shareholder of Hiscox.
General information such as your name, address, and contact details
Informa2tion such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found www.hiscoxgroup.com/site-tools/cookies-policy.
We will not collect any special category data from shareholders.
We will collect information directly from you and from the following third parties:
third parties involved in the purchase of shares;
financial institutions or advisors (such as banks) who act as intermediaries to the share purchase;
investment managers and stockbrokers;
online trading platforms;
third party administrators and suppliers we appoint to help us carry out our everyday business activities including IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers; and
our own websites.
We may use your information for a number of different purposes. For each purpose we must have a “legal ground” to use your personal information in such a way.
We need to use your personal information to perform a contract that we hold with you. For example, we need to use your personal information to administer into your share purchase agreement.
We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
We have an appropriate business need to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.
You have provided your consent to our use of your personal information
| Purpose for processing | Legal grounds for using your personal information |
|---|---|
To comply with our legal or regulatory obligations to maintain updated statutory books with a full list of shareholders. |
We have a relevant legal obligation to maintain up to date statutory books |
To communicate with you in relation to your shares |
It is necessary to enter into or perform your share purchase agreement We have a relevant legal or regulatory obligation. We have an appropriate business need (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately). |
To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys) |
We have an appropriate business need (to effectively manage our business and communicate with our shareholders). |
To enable us to manage our business operations, such as by maintaining accounting records, carrying out analysis of financial results, using information to meet internal audit requirements, and receiving professional advice (e.g. tax or legal advice) |
We have an appropriate business need (to effectively manage our business). We have a relevant legal or regulatory obligation. |
To buy or sell group companies or to restructure our business. |
We have an appropriate business need (to buy or sell group companies or to restructure our business). We have a relevant legal or regulatory obligation. |
From time to time, we may share your personal information with the other companies in our group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below for the purposes set out above.
If you would like further information regarding the disclosures of your personal information, please contact us using the details set out in section 8 below.
Where relevant, we will share your personal with:
other companies in the Hiscox group, including where:
necessary for our business administration purposes;
we need to report information within our group of companies.
our regulators;
the police and other third parties (such as banks or other insurance companies);
our third party services providers, such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers and tax advisers;
selected third parties in connection with any sale, transfer or disposal of our business;
or where necessary, courts and other alternative dispute resolution providers (such as arbitrators and mediators).
If you are a journalist, this section will be applicable to you.
General information such as your name and contact details.
Information about your job including job title
We will not collect any sensitive personal information.
We will collect information directly from you and from the following third parties:
publically available sources such as internet search engines, news articles and social media sites;
third party administrators and suppliers we appoint to help us carry out our everyday business activities including IT suppliers, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers; and
our own websites
We may use your information for a number of different purposes. For each purpose we must have a “legal ground” to use your personal information in such a way.
When the information that we process is classed as “sensitive personal information”, we must have a specific, additional “legal ground” to process such information.
We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
We have an appropriate business need to use your personal information. We will rely on this for activities such as issuing press releases, managing events and maintaining our business records.
You have provided your consent to our use of your personal information.
When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":
We need to use your sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
We need to use your personal information to prevent or detect crime and there is a substantial public interest in such use. This might happen when we are investigating allegations of insurance fraud.
You have provided your explicit consent to our use of your sensitive personal information.
You will find further details of our "legal grounds" for each of our processing purposes set out below.
| Purpose for processing | Legal grounds for using your personal information |
|---|---|
To issue press releases |
We have an appropriate business need (to promote our business and issue news updates). |
To invite you meetings and events |
We have an appropriate business need (to promote our business and invite you to events). |
To enable us to manage our business operations, such as by maintaining accounting records, carrying out analysis of financial results, using information to meet internal audit requirements, and receiving professional advice (e.g. tax or legal advice) |
We have an appropriate business need (to effectively manage our business). We have a relevant legal or regulatory obligation. |
From time to time, we may share your personal information with the other companies in our group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below for the purposes explained above.
If you would like further information regarding the disclosures of your personal information, please contact us using the details set out in section 8 below.
Where relevant, we will share your personal with:
other companies in the Hiscox Group, including where:
necessary for our business administration purposes;
or we need to report information within our group of companies.
other press agencies where you are working on a joint press release;
travel operators where we are organising your travel arrangements;
We do not use analyst, journalist or other third party information for marketing purposes.
We will only keep your personal information for the minimum periods required in order to fulfil the relevant purposes set out in this Notice.
We are also required to keep certain information in order to comply with our legal and regulatory obligations.
The exact time period will depend on your relationship with us and the type of personal information we hold.
If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 8.
We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area ("EEA"). Where we make a transfer of your personal information outside of the EEA we will take the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect your personal information to adequate standards.
For example, from time to time, we may have our US service provider send out press releases.
If you would like further information regarding the steps we take to safeguard your personal information, please contact us using the details set out in section 8.
We use a range of organisational and technical security measures to protect your information, including firewalls and access controls, which we review periodically. We also ensure that our employees receive appropriate data security training.
Under data protection law you have certain rights in relation to the personal information that we hold about you. There will not usually be a charge for dealing with these requests. You may exercise these rights at any time by contacting us using the details set out in section 8.
Please note:
the rights set out below do not apply in all circumstances;
in some cases we may not be able to comply with your request (for example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements). However, we will always respond to any request you make and if we can't comply with your request, we will tell you why.
Your rights include:
You are entitled to a copy of the personal information we hold about you and certain details of how we use it.
Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or, where we are relying on consent as our legal ground, you withdraw your consent. However this will need to be balanced against other factors. For example, we may have legal and regulatory obligations which mean we cannot comply with your request.
In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.
In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to another third party of your choice.
You can ask us to stop sending you marketing messages at any time. You can do this either by clicking on the "unsubscribe" button in any email that we send to you or you can contact us using the details set out in section 8. Please note that even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.
We do not currently carry out automated decision making. However, if in the future we do, you will have a right to object to an automated decision in certain circumstances.
Where we process your personal information based on our appropriate business needs, you can object to such processing. In such cases, we will assess your objection against our business needs.
For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.
You have a right to complain to the Information Commissioner's Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/
Making a complaint will not affect any other legal rights or remedies that you have.
If you would like further information about any of the matters in this Notice or have any other questions about how we collect, store or use your personal information, you may contact our data protection officer by e-mailing us at [email protected]
From time to time we may need to make changes to this Notice, for example, as the result of changes to law, technologies, or other developments. Where we make substantial changes to this Notice we will provide you with an updated copy. You can also check our website http://www.hiscoxgroup.com periodically to view the most up-to-date Notice.
This Notice was last updated on: 24th May 2018.