Casualty & General Insurance Company (Europe) Limited (‘CGICE’) gathers and processes your personal data in accordance with this Privacy Notice and in compliance with the relevant data protection regulation and law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when CGICE collects and processes your personal data. If you are providing information to CGICE on behalf of your business and the information includes personal data, please ensure that all relevant persons have access to this Privacy Notice. Casualty & General Insurance Company (Europe) Limited is a company registered in Gibraltar (Registered number: 89400) with a registered office at 6A Queensway, Gibraltar. Casualty & General Insurance Company (Europe) Limited is registered with the Gibraltar Regulatory Authority (GRA) as a data controller and is listed on the Register of Data Controllers under registration number DP 012244.
Information That Is Collected
CGICE processes personal data to meet its legal, statutory and contractual obligations and to provide you with CGICE’s products and services. CGICE will not collect any unnecessary personal data from you and will not process your data in any way, other than already specified in this notice.
The personal data that CGICE may collect is:
- Date of birth
- Email address
- Telephone number
- National Insurance number
- Criminal convictions
- IP address
- Income and earnings details
- Special category data (medical and health information)
- Vehicle registration number and driving licence number
- Photographs or video (your image)\
CGICE collects personal data from proposal forms, claim forms and other information provided by policyholders, prospective policyholders and claimants (and their respective representatives, such as insurance brokers or solicitors). IP address information on website users is collected by HTTP cookies (‘cookies’).
How We Use Your Personal Data (Legal Basis for Processing)
If you are a policyholder, prospective policyholder or claimant, CGICE collects your personal data because the processing of your personal data is necessary for the performance of an insurance contract or because you (or your representative or employer) have asked CGICE or its agent to take specific steps before entering into an insurance contract (such as asking CGICE or its agent to provide an insurance quotation). If you are a business partner, CGICE website user, or if your relationship to CGICE does not concern an insurance contract, CGICE collects your personal data because it has legitimate interests for doing so. CGICE also collects and stores personal data as part of its legal obligations for anti-money laundering, fraud prevention, sanction checking, business accounting and tax purposes. CGICE only retains your data for as long as is necessary and for the purposes specified in this notice. CGICE does not use personal data for the purposes of automated decision-making.
Rights of Data Subjects
You have the right to access the data held by CGICE and to request information about: -
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long CGICE intends to store the personal data for
- Information about the source of the personal data (if CGICE did not collect the data directly from you)
If you believe that CGICE holds any incomplete or inaccurate data about you, you have the right to ask CGICE to correct and/or complete the information. CGICE will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified. You also have the right to request erasure of your personal data or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from CGICE and to be informed about any automated decision-making that CGICE uses. To access your personal data or to request the information stated in this section, you can email datarequest@CGICE.com or write to: Compliance Officer Casualty & General Insurance Company (Europe) Limited Centre Plaza 2 Horse Barrack Lane Main Street Gibraltar If CGICE receives a request from you to exercise any of the above rights, you may be asked to verify your identity before the relevant request is acted upon; this is to ensure that your data is protected and kept secure.
Sharing and Disclosing Personal Data
CGICE may share your personal data with third parties, including:
Group and associated companies
CGICE is part of the CG group of companies and the group parent company is CG Holdings (Gibraltar) Limited. CGICE may share your personal data with group companies and associated companies (companies with the same owners), but only for the purposes set out in this Privacy Notice. CGICE remains responsible for the management and security of jointly used personal data. Access to personal data within CGICE, and the CG group of companies, is restricted to those individuals who have a need to access the information for the purposes set out in this Privacy Notice.
Insurance and distribution parties
CGICE may share personal data with other insurers, reinsurers, brokers and other intermediaries, appointed representatives, distributors, loss adjusters, claims administrators, travel assistance providers, medical practitioners, financial institutions, securities firms and other business partners.
Service providers and suppliers
CGICE may share personal data with third party service providers and suppliers, including; accountants, auditors, lawyers, actuaries, banks, consultants, management companies, translators, investment advisors, IT systems companies, data hosting companies and data testing companies.
Regulators and other public bodies
CGICE may share personal data with financial services regulators, national compensation schemes, ombudsmen, national statistics organisations, motor insurance bureaux, industry bodies, claims registers, fraud detection agencies, credit reference agencies and due diligence agencies.
CGICE will disclose personal data only in accordance with this Privacy Notice or when required by law. All data processors acting on behalf of CGICE only process your data in accordance with instructions from CGICE and comply fully with this Privacy Notice, the data protection laws and any other appropriate confidentiality and security measures.
From time to time, CGICE may sell a business or a part of a business to another company. CGICE may share personal data with purchasers and prospective purchasers or other parties in any actual or proposed reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of the business, assets or stock.
CGICE takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. CGICE works hard to protect personal data from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including SSL, network encryptions, pseudonymization and IT access restrictions.
Consequences of Not Providing Personal Data
If you are a policyholder claimant, the provision of your personal data is a requirement necessary to enter into a contract of insurance or for the performance of a contract of insurance. Failure to provide personal data in relation to an insurance policy when requested may result in breach of contract and may invalidate the policy or may cause CGICE to reject a claim made under the policy. Prospective policyholders are not obliged to provide personal data prior to entering into a contract, however CGICE will not be able to offer its products or services without it.
How Long We Keep Personal Data
CGICE only ever retains personal data for as long as is necessary and has strict review and retention policies in place to meet these obligations. The nature of the insurance products provided by CGICE may necessitate the retention of personal data for the duration of the coverage period under the relevant insurance policy (until it is no longer possible to make a claim under the policy). Notwithstanding the above, in certain circumstances CGICE may be required to retain personal data for a period of 6 years in accordance with tax law.
Special Categories of Personal Data
Owing to the nature of the insurance products provided by CGICE, CGICE sometimes needs to request sensitive personal information relating to policyholders, insured persons, claimants or other third parties. This information may include health records, medical history and criminal convictions. Where sensitive personal data is required, CGICE will only request the information required for the specified purpose and will always ask for your explicit consent through a signature. You can modify or remove consent at any time, which CGICE will act on immediately, unless there is a legitimate interest or legal reason for not doing so.
Lodging A Complaint
CGICE will only process personal data in compliance with this Privacy Notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or you are unsatisfied with how CGICE has handled your information, you have the right to lodge a complaint with the supervisory authority. Gibraltar Regulatory Authority 2nd floor, Eurotowers 4 1 Europort Road Gibraltar Tel: +350 200 74636 Email: firstname.lastname@example.org.
Last updated November 12, 2019
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
Cookies set by the website owner are called "first party cookies". Cookies set by parties other than the website owner are called "third party cookies". Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.
We use first and third party cookies for several reasons. Some cookies are required for technical reasons in order for our Websites to operate, and we refer to these as "essential" or "strictly necessary" cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties serve cookies through our Websites for advertising, analytics and other purposes. This is described in more detail below.
The specific types of first and third party cookies served through our Websites and the purposes they perform are described below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):
Analytics and customisation cookies:
These cookies collect information that is used either in aggregate form to help us understand how our Websites are being used or how effective our marketing campaigns are, or to help us customize our Websites for you.
These are cookies that have not yet been categorized. We are in the process of classifying these cookies with the help of their providers.
Name:pll_language / Provider:cgice.com / Country:United States / Type:server_cookie
What about other tracking technologies, like web beacons?
Cookies are not the only way to recognize or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These are tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our Websites or opened an e-mail including them. This allows us, for example, to monitor the traffic patterns of users from one page within a website to another, to deliver or communicate with cookies, to understand whether you have come to the website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of e-mail marketing campaigns. In many instances, these technologies are reliant on cookies to function properly, and so declining cookies will impair their functioning.
Do you use Flash cookies or Local Shared Objects?
Websites may also use so-called "Flash Cookies" (also known as Local Shared Objects or "LSOs") to, among other things, collect and store information about your use of our services, fraud prevention and for other site operations.
If you do not want Flash Cookies stored on your computer, you can adjust the settings of your Flash player to block Flash Cookies storage using the tools contained in the Website Storage Settings Panel . You can also control Flash Cookies by going to the Global Storage Settings Panel and following the instructions (which may include instructions that explain, for example, how to delete existing Flash Cookies (referred to "information" on the Macromedia site), how to prevent Flash LSOs from being placed on your computer without your being asked, and (for Flash Player 8 and later) how to block Flash Cookies that are not being delivered by the operator of the page you are on at the time).
Please note that setting the Flash Player to restrict or limit acceptance of Flash Cookies may reduce or impede the functionality of some Flash applications, including, potentially, Flash applications used in connection with our services or online content.
Do you serve targeted advertising?
Third parties may serve cookies on your computer or mobile device to serve advertising through our Websites. These companies may use information about your visits to this and other websites in order to provide relevant advertisements about goods and services that you may be interested in. They may also employ technology that is used to measure the effectiveness of advertisements. This can be accomplished by them using cookies or web beacons to collect information about your visits to this and other sites in order to provide relevant advertisements about goods and services of potential interest to you. The information collected through this process does not enable us or them to identify your name, contact details or other details that directly identify you unless you choose to provide these.