Data Privacy Notice

MS Amlin Data Privacy Notice

MS Amlin is committed to protecting and respecting your privacy.

This Privacy Notice explains how MS Amlin and its relevant subsidiaries and affiliates handle any personal data we collect or receive about you, whether you are a broker, agent, other insurance intermediary, insured party, claimant or other insurer or whether you are in another business relation with us. It also covers how we use information of individuals whose data we process in connection with our products and services, even if you are not a current or prospective customer or beneficiary of our products and services, such as witnesses. We refer to personal data as any information relating to you or another living individual who is identifiable by us.

For information about what cookies are and how we use them, please read our Cookie Policy.

Where you provide us with personal data about other individuals, you must provide this Privacy Notice to them.

 Who we are

We are MS Amlin, a leading insurer and reinsurer, part of the global top 10 insurance group MS&AD, with operations in the Lloyd’s, UK, Continental European and Bermudian markets. Group legal entities include but are not limited to MS Amlin AG (trading as MS Reinsurance), MS Underwriting Limited, MS Marine NV, MS Amlin Insurance S.E. Your personal data has either been, or will be collected by, or transferred to, MS Amlin.

We seek to comply with the principle of "data minimisation". This means we work to ensure that we avoid collecting or processing data other than the types and volume of personal data required to achieve the purposes set out in this Privacy Notice. We also use a combination of technical and organisational measures to protect information in line with our obligations under data protection laws. MS Amlin workers receive training to help us comply with data protection laws and safeguard your privacy.

How to contact us

We can be contacted via post and email at the below addresses.

Post:      The Data Protection Officer

MS Amlin
MS Amlin Corporate Services
The Leadenhall Building
122 Leadenhall Street
London
EC3V 4AG

Email:  dpo@msamlin.com

Our Data Protection Officer will handle any questions you may have on the use of your personal data and your rights.

Your rights

You have right to:

  • Obtain a copy of your personal data held by MS Amlin
  • Have any incorrect personal data updated
  •  Request the erasure of any of your personal data
  • Restrict the use of your personal data
  • Object to the use of your personal data
  • Request the personal data you provided to MS Amlin to be moved to another organisation

If you wish to exercise any of these rights please contact us stating your request, verifying your identity and providing your contact details. In order for MS Amlin to respond to your requests effectively and efficiently, contact the Data Protection Officer using the details above.

We aim to respond to all valid requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked. This is because your rights will not always apply, e.g. if it would impact the duty of confidentiality we owe to others, or if the law allows us to deal with the request in a different way. We will always explain to you how we are dealing with your request. In some circumstances (such as the right to erasure or withdrawal of consent), exercising a right might mean that we can no longer provide our products to you.

Complaints

We take complaints made to us seriously. We would expect that any complaint can best be dealt with by contacting us in the first instance. However, if you wish to complain about our use of your personal data, and do not wish to contact us first, you also have the right to complain directly to the relevant supervisory authority. Full details on this can be found on the following websites:

UK

https://ico.org.uk/

Ireland

https://dataprotection.ie/

France

https://www.cnil.fr/fr

Germany

https://www.bfdi.bund.de/

Belgium

https://www.dataprotectionauthority.be/

Netherlands

https://autoriteitpersoonsgegevens.nl/nl

Switzerland

https://www.edoeb.admin.ch/edoeb/en/home.html

Dubai

https://www.difc.ae/business/operating/data-protection/

Malaysia

https://www.pdp.gov.my/jpdpv2/

Singapore

https://www.pdpc.gov.sg/


Updates to this Notice

This Privacy Notice is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it’s as transparent as possible.

Last updated: August 2023

Information about you and how we use it

Types of personal data we hold

We capture and process a variety of different types of personal data depending on the nature of the services involved. This may include:

Type of Personal Data

Example

Individual details

Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, data and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you and other details related to your status as an ultimate beneficial owner

Official identification details

Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, enterprise number, tax identification number and driving licence number

Financial information

Bank account or payment card details, income or other financial information

Risk details

Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to the health, criminal convictions, or other special categories of personal data of the people to be covered. For certain types of policies, this could also include telematics data (telematics data is data relating to where and how you or those covered drive and captures information relating to speed, acceleration, braking and other similar data)

Policy information

Information about the quotes you receive and policies you take out

Credit and anti-fraud data

Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you

Previous and current claims

Information about previous and current claims, (including other unrelated insurances), which may including data relating to your health, criminal convictions, or other special categories of personal data and in some cases surveillance reports

Sometimes we may need to process special categories of personal data. These are certain types of personal data which require additional privacy protection. The special categories are racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation. Personal data and special category data may be required to allow us to provide a quote, underwrite your policy, consider your claim or provide other insurance and ancillary services.

We collect data about children in some circumstances, e.g. where a child is insured on an adult's policy, where a child takes out a policy with us, car insurance for under 18s, or where a child is a claimant.

Sources of personal data

We may obtain personal data directly from you, including from applications and claims forms that you complete, communications between us, your participation in market research, your use of our website, as well as details from the devices you use to interact with our website or a telematics device, if relevant.

We may also receive your information from our policyholders e.g. when:

  • you are a joint policyholder, named driver or otherwise a beneficiary under a policy;
  • you are witness to an incident;
  • you are claiming against one of our policyholders;
  • one of our policyholders is claiming against you;
  • you are providing professional services e.g. as a medical expert.

We may also obtain personal data from third parties, including:

  • Comparison websites
  • Third parties who provide you with services relating to your product or claim, e.g. roadside assistance providers;
  • Third parties who provide us, or a third party insurer relevant to your product or claim, with services, e.g. loss adjusters, claims handlers, legal advisers, banks and private investigators;
  • Third parties involved in your product or claim, e.g. other insurers, brokers, claimants, defendants and witnesses to an incident;
  • Healthcare providers;
  • Credit reference agencies;
  • Financial crime, fraud or uninsured detection agencies, databases and sanctions lists, including the Stitching EPS who are the data controller for the Roy Data System, the Motor Insurers' Bureau (MIB) who are the data controller for the Motor Insurance Database (MID), the Claims and Underwriting Exchange (CUE), Motor Insurance Anti-Fraud Theft Register, No Claims Discount Database, Whiplash Reforms Programme, Employers' Liability Tracing Office (ELTO) and Insurance Fraud Bureau (IFB);
  • Government agencies and regulatory bodies including the police, the courts, the Crossroads Bank for Enterprises (CBE), the Financial Services and Markets Authority (FSMA), the National Bank of Belgium (NBB), the KBIS register, the ORIAS register, the Driver and Vehicle Licensing Agency (DVLA), Driver and Vehicle Standards Agency (DVSA), the Department for Work and Pensions (DWP), Companies House and HM Revenue & Customs (HMRC);
  • If you are a service provider, such as a medical expert or solicitor, regulators who regulate how you operate including the General Medical Council and the Solicitors Regulation Authority;
  • Debt advisors, including where breathing space is requested on outstanding debts;
  • Third parties who provide us with details of individuals who have expressed an interest in hearing about insurance products;
  • Third parties who provide services in relation to your policy or claim, including checking no claims discounts;
  • Third parties who help us maintain the accuracy of our data, e.g. by identifying individuals who are deceased, updating contact details for individuals who have moved and payment card providers who provide us with updated payment card details;
  • Publicly available sources including the Office for National Statistics (e.g. census data) and other data made available under the Open Government Licence, internet searches, news articles, online marketplaces and social media sites, apps and networks (e.g. Twitter, Facebook and Instagram); and
  • Providers of marketing and advertising services.

Why we use your personal data

We collect your personal data to help us with advising on, arranging, underwriting or administering an insurance contract or administering a claim under an insurance contract. Specifically:

a.      Advising on, arranging and underwriting your policy, including:

  • Performing credit or money laundering checks
  • Understanding your insurance requirements to offer you a product that matches your needs and circumstances
  • Gaining a reasonable understanding of the nature of the risk to be covered by the policy
  • Providing competitive and appropriate pricing
  • Contacting you to renew your policy for another year
  • Processing payments and refunds

b.      Administering your policy, including:

  • Managing any changes to your policy
  • Providing and improving client services as appropriate, including by recording and monitoring telephone calls
  • Maintaining contact with you and relevant third parties, for issues relating to your policy and general customer contact

c.       Administering your claims, including:

  • Registering your claims
  • Assessing your claims, including any liaison with third parties potentially involved in your claims, e.g. communications regarding car repairs or health information
  • Running due diligence checks e.g. money laundering
  • The investigation of fraudulent claims
  • The defence of or prosecution of valid and legal claims
  • Manage complaints, including to allow us to respond to any live complaints, or challenges you or others might raise later, for internal training and monitoring purposes and to help us to improve our complaints handling processes. We may be obliged to forward details about your complaints, including your personal data, to the appropriate authorities, e.g. the relevant ombudsman

d.      Further reasons, including:

  • Any sale or transfer of our policies to another company due to restructuring
  • To allow us to perform the essential practice and process of underwriting
  • To allow us operate effectively as a company
  • Analysing our clients and the products they select
  • To ensure we comply with any legal or regulatory obligations including cooperating with regulatory bodies, e.g. the ICO, FSMA, NBB, Dutch Association of Insurers, Ombuds Services, FCA, MIB and government authorities
  • The testing of our systems and processes where imitation data is unavailable. Testing which uses personal data will only by carried out in limited circumstances and only when appropriate safeguards and controls have been put in place
  • Provide marketing information in accordance with the preferences you have expressed

 

Our legal bases for processing your personal data

We are committed to collecting and using personal data in accordance with applicable data protection laws. In certain countries, by law, we must have a legal justification, known as a lawful basis, in order to use your personal data for the purposes described in this Privacy Notice. Depending upon the purpose, our lawful basis will be one of the following:

  • Performance of a contract - to arrange, underwrite or manage our products, or handle claims in accordance with their terms;
  • Compliance with a legal obligation - to meet responsibilities we have to our regulators, tax officials, law enforcement, or other legal responsibilities;
  • Legitimate interests - to operate and improve our products and services and keep people informed about our products and services or for any other purposes we identify as appropriate to our business needs, or those business needs of a third party;
  • Consent - where we have obtained appropriate consents to collect or use your Personal Information for a particular purpose.

Where we rely on legitimate interest as our lawful basis, we are required to carry out a balancing test to ensure that our interests, or those of a third party, do not override the rights and freedoms that you have as an individual. The outcome of this balancing test will determine whether we can use your personal data for the purposes described in this Privacy Notice.

Our legal bases for the use of Personal Information, where required:

Purpose

Lawful basis for processing personal data

Communicating with you and others including complaints handling

Performance of a contract

Compliance with a legal obligation

Legitimate interests

Evaluating your application or renewal or to provide a quote

Performance of a contract

Legitimate interests

Provision of our services and administration of a policy including taking payment

Performance of a contract
Compliance with a legal obligation

Legitimate interests

Managing third party relationships

Performance of a contract

Legitimate interests

Management of claims

Performance of a contract

Compliance with a legal obligation

Legitimate interests

Financial or other crime, fraud and credit checks

Performance of a contract

Compliance with a legal obligation

Legitimate interests

Improving quality, training and security

Legitimate interests

Managing our business operations e.g. accounts, financial analysis, IT applications and systems decommissioning,  internal audit

Compliance with a legal obligation

Legitimate interests

Marketing preferences

Legitimate interests

Consent 

Where we collect and use special categories of personal data we may be required to have an additional, specific lawful basis to process such information. We usually rely upon one of the following legal bases:

  • Reasons of substantial public interest:
    • insurance purposes – including advising on, arranging, underwriting and administering contracts of insurance, administering claims under a contract of insurance and exercising rights, or complying with obligations that arise in connection with contracts of insurance;
    • complying, or helping someone else comply with, a regulatory requirement relating to unlawful acts and dishonesty - including regulatory requirements to carry out money laundering checks;
    • preventing or detecting unlawful acts – including disclosures to competent authorities;
    • preventing fraud – including investigating alleged fraud;
    • safeguarding the economic well-being of certain individuals – including where we identify additional support required by our customers;
    • equality of opportunity or treatment – including where we need to keep under review the equality of treatment of customers with additional support needs.
  • Necessary to establish, exercise or defend a legal claim – including where we are faced with legal proceedings, we bring legal proceedings ourselves or where we are investigating legal proceedings that a third party has brought against you;
  • Necessary to protect your vital interests or those of another individual;
  • Information has been clearly or obviously made public by you.

Where we cannot rely on one of the above lawful bases to process your special categories of personal data for a particular purpose, we will seek your explicit consent.

Who we share personal data with

To allow us to meet our obligations and effectively provide our services to you, it may be necessary to share your personal data with Ms Amlin subsidiaries and external parties. These external parties may include:

  • Credit reference agencies
  • Anti-fraud databases
  • Banks and financial advisers
  • Claims handlers
  • Lawyers and Solicitors
  • Industry bodies, e.g., Dutch Association of Insurers
  • Loss adjusters
  • External parties involved in the claim
  • Private investigators
  • The police and law enforcement
  • The statutory auditor
  • The Motor Insurers’ Bureau – MIB
  • The Stitching EPS – Roy Data System
  • External parties involved in the investigation, defence or prosecution of claims
  • Other insurers (under court order or to prevent and detect fraud)
  • The Prudential Regulatory Authority, the National Bank of Belgium, the Financial Conduct Authority, the Information Commissioner’s Office, the Data Protection Authority and other regulators as required by law
  • Our suppliers and sub-contractors for the performance of any contract we have with them
  • Reinsurers

Your data will be shared securely, and only when absolutely necessary. It will never be sold on to external parties or organisations for marketing purposes.

If you give us false or inaccurate information and we suspect fraud, we will record this to prevent further fraud and money laundering. This may be shared between insurers and with fraud prevention agencies and databases.

Ongoing storage and use of your personal data

We will not keep personal data for longer than necessary for the purpose for which it is processed.  It will be retained in accordance with our Data Retention Standard. Laws or regulations may require us to keep records for specific periods of time. We may also need to keep records in order to administer the insurance relationship, to fulfil our contractual or statutory obligations or to resolve queries or disputes which may arise.

We will store your personal data based upon the following criteria:

  • Whether the personal data is actively required for the purposes stated in this Data Privacy Notice
  • Whether there is a legal or regulatory reason to continue to retain the personal data

International data transfers

As MS Amlin is a global insurer, we may transfer or share your data outside the European Economic Area, the United Kingdom or Switzerland for our operational procedures. Transfers may take place to Dubai, Malaysia, Singapore, Bermuda and Japan. It may also be processed by staff and contacts operating outside these locations who are working for us or one of our suppliers, for example IT infrastructure suppliers may be based in the USA or India. We will always take steps to ensure that your data is managed and transferred securely with appropriate safeguards and controls in place. 

Automated decision making and profiling

In some cases we use an automated decision making process to generate a quote to provide you with an insurance service; this process will use the information which you have provided to us, other records we hold about you in our systems and data sourced from third parties to make predictions, including the likelihood that a claim will be made and its value, the likelihood a product will be purchased and the likelihood that a claim might be fraudulent, to make an overall assessment of your application. This assessment will consider the level of risk involved and if applicable, generate a quote for the insurance service. We also make automated decisions throughout the life of your policy, e.g. before offering you a renewal or when dealing with a claim.

We use profiling and data analysis to build, train, market and audit our services.

The automated decision making and profiling process is regularly tested to ensure it remains fair, effective and unbiased. If you object to the use of automated decision making or require information about the logic involved in relation to the decision, to challenge it or would like to exercise the right to human intervention, please call us on the telephone number displayed on the quote generation page or contact the MS Amlin Data Protection Officer at dpo@msamlin.com.

Marketing

We may use personal data to send direct marketing communications about our products and services that we feel you’ll be interested in. This may include marketing relating to products offered by other brands or companies within the Ms Amlin group as well as communications about promotions.

Marketing communications may be sent by email, post, SMS, telephone and push notification. You may also see display advertising on websites, mobile applications, social media or in online search results.

You have control over our use of your personal data in relation to marketing communications. You can:

  • 'Opt out' of receiving direct marketing.
  • Change your marketing preferences at any time by emailing the Data Protection Officer at dpo@msamlin.com.