About CGICE
Casualty & General Insurance Company (Europe) Limited (‘CGICE’) gathers and processes your personal data in accordance with this Privacy Notice and in compliance with the relevant data protection regulation and law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when CGICE collects and processes your personal data. If you are providing information to CGICE on behalf of your business and the information includes personal data, please ensure that all relevant persons have access to this Privacy Notice. Casualty & General Insurance Company (Europe) Limited is a company registered in Gibraltar (Registered number: 89400) with a registered office at Suite 3a Centre Plaza, 2 Horse Barrack Lane, Gibraltar. Casualty & General Insurance Company (Europe) Limited is registered with the Gibraltar Regulatory Authority (GRA) as a data controller and is listed on the Register of Data Controllers under registration number DP 012244.
Information That Is Collected
CGICE processes personal data to meet its legal, statutory and contractual obligations and to provide you with CGICE’s products and services. CGICE will not collect any unnecessary personal data from you and will not process your data in any way, other than already specified in this notice. The personal data that CGICE may collect is:
– Name
– Date of birth
– Address
– Email address
– Telephone number
– National Insurance number
– Criminal convictions
– IP address
– Income and earnings details
– Special category data (medical and health information)
– Vehicle registration number and driving licence number
– Photographs or video (your image)
CGICE collects personal data from proposal forms, claim forms and other information provided by policyholders, prospective policyholders and claimants (and their respective representatives, such as insurance brokers or solicitors). IP address information on website users is collected by HTTP cookies (‘cookies’).
How We Use Your Personal Data (Legal Basis for Processing)
If you are a policyholder, prospective policyholder or claimant, CGICE collects your personal data because the processing of your personal data is necessary for the performance of an insurance contract or because you (or your representative or employer) have asked CGICE or its agent to take specific steps before entering into an insurance contract (such as asking CGICE or its agent to provide an insurance quotation). If you are a business partner, CGICE website user, or if your relationship to CGICE does not concern an insurance contract, CGICE collects your personal data because it has legitimate interests for doing so. CGICE also collects and stores personal data as part of its legal obligations for anti-money laundering, fraud prevention, sanction checking, business accounting and tax purposes. CGICE only retains your data for as long as is necessary and for the purposes specified in this notice. CGICE does not use personal data for the purposes of automated decision-making.
Rights of Data Subjects
You have the right to access the data held by CGICE and to request information about: –
– The purposes of the processing
– The categories of personal data concerned
– The recipients to whom the personal data has/will be disclosed
– How long CGICE intends to store the personal data for
– Information about the source of the personal data (if CGICE did not collect the data directly from you)
If you believe that CGICE holds any incomplete or inaccurate data about you, you have the right to ask CGICE to correct and/or complete the information. CGICE will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified. You also have the right to request erasure of your personal data or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from CGICE and to be informed about any automated decision-making that CGICE uses. To access your personal data or to request the information stated in this section, you can email datarequest@CGICE.com or write to: Compliance Officer Casualty & General Insurance Company (Europe) Limited Centre Plaza 2 Horse Barrack Lane Main Street Gibraltar If CGICE receives a request from you to exercise any of the above rights, you may be asked to verify your identity before the relevant request is acted upon; this is to ensure that your data is protected and kept secure.
Sharing and Disclosing Personal Data
CGICE may share your personal data with third parties, including:
Group and associated companies
CGICE is part of the CG group of companies and the group parent company is CG Holdings (Gibraltar) Limited. CGICE may share your personal data with group companies and associated companies (companies with the same owners), but only for the purposes set out in this Privacy Notice. CGICE remains responsible for the management and security of jointly used personal data. Access to personal data within CGICE, and the CG group of companies, is restricted to those individuals who have a need to access the information for the purposes set out in this Privacy Notice.
Insurance and Distribution parties
CGICE may share personal data with other insurers, reinsurers, brokers and other intermediaries, appointed representatives, distributors, loss adjusters, claims administrators, travel assistance providers, medical practitioners, financial institutions, securities firms and other business partners.
Service providers and suppliers
CGICE may share personal data with third party service providers and suppliers, including; accountants, auditors, lawyers, actuaries, banks, consultants, management companies, translators, investment advisors, IT systems companies, data hosting companies and data testing companies.
Regulators and other public bodies
CGICE may share personal data with financial services regulators, national compensation schemes, ombudsmen, national statistics organisations, Claims Underwriting Exchange and Motor Insurers’ Bureau (MIB), industry bodies, claims registers, fraud detection agencies, credit reference agencies and due diligence agencies.
CGICE will disclose personal data only in accordance with this Privacy Notice or when required by law. All data processors acting on behalf of CGICE only process your data in accordance with instructions from CGICE and comply fully with this Privacy Notice, the data protection laws and any other appropriate confidentiality and security measures.
From time to time, CGICE may sell a business or a part of a business to another company. CGICE may share personal data with purchasers and prospective purchasers or other parties in any actual or proposed reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of the business, assets or stock.
Safeguarding Measures
CGICE takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. CGICE works hard to protect personal data from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including SSL, network encryptions, pseudonymization and IT access restrictions.
Consequences of Not Providing Personal Data
If you are a policyholder claimant, the provision of your personal data is a requirement necessary to enter into a contract of insurance or for the performance of a contract of insurance. Failure to provide personal data in relation to an insurance policy when requested may result in breach of contract and may invalidate the policy or may cause CGICE to reject a claim made under the policy. Prospective policyholders are not obliged to provide personal data prior to entering into a contract, however CGICE will not be able to offer its products or services without it.
How Long We Keep Personal Data
CGICE only ever retains personal data for as long as is necessary and has strict review and retention policies in place to meet these obligations. The nature of the insurance products provided by CGICE may necessitate the retention of personal data for the duration of the coverage period under the relevant insurance policy (until it is no longer possible to make a claim under the policy). Notwithstanding the above, in certain circumstances CGICE may be required to retain personal data for a period of 6 years in accordance with tax law.
Special Categories of Personal Data
Owing to the nature of the insurance products provided by CGICE, CGICE sometimes needs to request sensitive personal information relating to policyholders, insured persons, claimants or other third parties. This information may include health records, medical history and criminal convictions. Where sensitive personal data is required, CGICE will only request the information required for the specified purpose and will always ask for your explicit consent through a signature. You can modify or remove consent at any time, which CGICE will act on immediately, unless there is a legitimate interest or legal reason for not doing so.
Lodging A Complaint CGICE will only process personal data in compliance with this Privacy Notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or you are unsatisfied with how CGICE has handled your information, you have the right to lodge a complaint with the supervisory authority. Gibraltar Regulatory Authority 2nd floor, Eurotowers 4 1 Europort Road Gibraltar Tel: +350 200 74636 Email: info@gra.gi.