Data Privacy Notice
The privacy and security of your information is important to us. This policy explains who we are, the types of information we hold, how we use it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal information under current data protection law.
Who we are
Kerr Group Insurance is a trading name of William Kerr & Co (Insurance Consultants) Ltd which was originally established in 1929 to provide advice and insurance protection to businesses and individuals in our locality. We are now represented through 9 offices spread across the province – where we continue to do exactly that. Kerr Group is the Data Controller of the information you provide us and is registered with the Information Commissioner’s Office for the products and services we provide to you.
Our commitment to privacy
- As an independent broker, we are committed to observing your privacy rights under the European General Data Protection Regulation (GDPR) and UK Data Protection laws.
- We will only collect, hold and process your Personal Data for specific processing purposes. We recognise your right to withdraw your consent at any given stage of the processing or after conclusion of a contract however this may affect our ability to provide services to you.
- Our security measures are designed to protect your Personal and Sensitive Data and demonstrate our continuing commitment to the GDPR and UK Data Protection laws.
- We firmly believe that you should be able to make privacy choices that are right for you and that it is our duty to make sure your Personal Data and the Personal Data of all Data Subjects is accurate and kept up to date.
We are committed to training and educating our employees in their privacy obligations under the GDPR and UK Data Protection laws.
Personal Information Collected
We may receive and process personal information from customers and prospective customers which includes personal information on other Data Subjects who may be beneficiaries under the proposed insurance service being provided. The information may include but is not limited to:
Contact information, such as name, title, address, business and/or personal telephone number, and business and/or personal email address.
Verification information, such as passport, driver’s license, utility bill, credit or bank card statement, country of residence, country of origin/nationality, country of domicile/tax residency, tax reference number, date of birth, and occupation. Insurance application information, which may contain sensitive personal data such as medical information where that data is required to place and service your insurance contract.
Finance-related information, such as bank account details, payment record, the amount of insurance covers required and details of the insurance.
Work contact information, such as name, title, name of the business the Data Subject works for, business address, business telephone number, and business email address.
Data gathered by our website(s) visited by Data Subjects that pertains to Data Subjects’ usage of such website(s).
Purposes for Processing Personal Information
We use the personal information held about Data Subjects for the following purposes:
To carry out our obligations arising from any agreement entered into with us by or on behalf of Data Subjects, including to contact such individuals (including with information or messages about the insurance product), and for administrative purposes.
To complete anti-money laundering checks, verification checks and other checks as are required by law, which, if not conducted, means that we will be unable to carry out our obligations arising under any agreement.
To tailor our advice and services to Data Subjects.
To communicate with our institutional clients and other businesses through their natural person representatives.
Lawful Basis for Processing Personal Information
The lawful basis/bases that we rely upon to process personal information held about Data Subjects is as follows:
To carry out our obligations arising from our agreement with Data Subjects, to take steps at Data Subjects’ request prior to entering into an agreement, and to send informational messages to clients and insureds to the extent allowed by applicable law and which are in our legitimate interests.
To carry out our obligations arising from our agreement with Data Subjects, to comply with our legal obligations, where it is necessary for reasons of substantial public interest and where it is necessary for insurance purposes, or otherwise with your explicit consent.
To carry out our obligations arising from the agreement entered into by or on behalf of Data Subjects, and where it is necessary for the purposes of the legitimate interests pursued by us that are not overridden by the interests or fundamental rights and freedoms of Data Subjects.
To carry out our obligations arising from the agreement entered into by Data Subjects, where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, in order for us to operate our website it is necessary for us to collect certain data about you to improve your user experience and manage the website. In addition, we use this personal information to send informational messages to clients and insureds to the extent allowed by applicable law and which are in our legitimate interests. Please also refer to our [Cookie Notice] about how we use cookies.
Disclosure of Personal Information
We do not disclose any personal information about Data Subjects to any third parties, except:
- as reasonably necessary or appropriate in connection with the arranging of services,
- to processors who are only permitted to use it to perform services for us,
- as required by law or any applicable regulatory authority, or
- to protect the rights, property, or safety of our company, its clients or others.
In these cases, we may share personal information with legal advisers, insurance carriers, other insurance brokers, accountants, regulators, companies engaged to dispose of or store data including personal information, and third parties who have a legal right to receive such information and their counsel, experts and legal advisers.
We will take reasonable necessary steps to ensure that where personal information is shared, it is treated securely and in accordance with this notice and applicable laws.
Personal Information Retention
We will endeavour not to keep personal information in a form that allows a Data Subject to be identified for any longer than is reasonably necessary for achieving the permitted purposes. At the end of the applicable retention period, we may destroy, erase from our systems, or anonymise personal information as part of such efforts. Please refer to our retention and disposal policy for more details which is available upon request.
Storage & Transfer of Personal Information
We maintain physical, electronic and procedural safeguards designed to protect Data Subjects’ personal information, prevent unlawful or unauthorised processing of personal information, and prevent unauthorized disclosure of, or accidental loss of, or damage to, such information.
We may process personal information in, and transfer personal information to, countries that may not guarantee the same level of protection for personal information as the country in which Data Subjects reside.
We will only transfer personal information to third party service providers if they agree to comply with the physical, electronic and procedural safeguards described above, or if they put in place adequate measures themselves.
Rights in relation to Personal Information
Data Subjects have certain rights in relation to their personal information, including the right to be informed about the collection and use of their personal information, as outlined in this Policy.
These include, where certain conditions are met:
- the right to request access to the personal information we hold about them,
- the right to have inaccurate information about them amended or updated,
- the right to object to processing of personal information about them,
- the right to withdraw consent at any time (where relevant),
- the right to have personal information about them erased or to restrict processing in certain limited situations,
- the right to data portability and to request the transmission of personal information about them to another organisation,
- the right to object to automated decision making that materially impacts them, direct marketing, and processing for research or statistical purposes, and
- the right to lodge complaints with applicable data supervisory authorities.
Data Subjects should use the contact information below to get more information and/or to make a formal request.
We will endeavour to keep the personal information we store about Data Subjects reasonably accurate and up-to-date by enabling clients and insureds to correct it by request. Data Subjects should notify us if any of their personal information changes or if they become aware of any inaccuracies in the personal information we hold about them.
Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time and without prior notice.
Questions
If Data Subjects have any questions in relation to this Privacy Policy, please get in touch with your usual contact who will refer to our Compliance Manager.