Privacy



Convex Insurance

Privacy Notice

Convex Insurance is committed to protecting your privacy and ensuring that your personal information is collected and used appropriately, lawfully and transparently. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

This Privacy Notice explains: 

  1. Who we are
  2. About the insurance market
  3. What personal information we collect
  4. Special Category Data
  5. How we will collect your personal data
  6. On what basis we collect data
  7. Who we will share your personal data with
  8. Witnesses to an incident
  9. Brokers, appointed representatives, suppliers and other business partners
  10. Perspective job applicants
  11. Profiling activities
  12. How long do we keep personal data for
  13. What is our approach to sending personal data overseas?
  14. How do we protect your personal data?
  15. Your rights
  16. Marketing
  17. Processing based on our legitimate interests
  18. Cookies
  19. Contacting us

 

  1. Who we are
    Convex insurance is a speciality insurer and reinsurer based in the UK and in Bermuda. We offer specialist insurance and reinsurance cover to individuals, companies and other insurers.

 

  1. About the insurance market
    Insurance is the pooling and sharing of risk in order to provide protection against a possible eventuality. The process includes the requirement for us to process and share your personal data with various insurance market participants such as intermediaries, insurers and reinsurers.

 

  1. What personal information we collect
    Convex Insurance collects and processes data, in order for us to deliver insurance services such as providing you with a quote, processing claims and administration purposes. We also process data for recruitment purposes, relationship management and dealing with complaints.They data that we collect from you and how we process that data will depend on our relationship with you. Consequently, we will collect relevant data dependent on whether you are an applicant (policyholder), beneficiary, a claimant, a witness, a broker, a potential employee or a third party. This also applies if you are listed as an applicant or beneficiary under a policy that someone else has with us (such as a named director under a Directors & Officers policy).

    If you make a claim against a third party who has an insurance policy with us, this section will be relevant to you and sets out our uses of your personal data.

    The type of personal information we may collect will depend on the purpose for which it is collected but may include:

  • Information to verify your identity such as passport details, driving licence and national insurance number.
  • Previous occupation and employment history, job title and professional accreditations;
  • Family, lifestyle, health and financial information.
  • Information relating to criminal and/or civil offences.
  • General information such as your name, address, contact phone numbers and email addresses, date of birth and gender.
  • Information about your relationship to the policyholder where you are the beneficiary.
  • Your bank and payment details.
  • Any financial information about you which we have obtained as a result of conducting credit checks such as bankruptcy orders, individual voluntary arrangements or country court judgments.
  • Information which we obtain as part of checking sanctions lists, such as those published by United Nations, European Union, UK Treasury, the U.S. Office of Foreign Assets Control (OFAC) and the U.S. Department of Commerce, Bureau of Industry and Security.
  • Any information which is relevant to your insurance application such as previous insurance policies you have held and claims you have made. This will also include any information specific to the type of policy you are applying for, for example, if you are applying for a fine art policy we may collect and use information which relates to your art collection.
  • Information which we have gathered from publicly available sources such as the electoral roll, newspapers and social media sites.
  • Any other information passed on from you, your insurance broker or someone else applying on your behalf.

 

  1. Special Category Data
    Sometimes we will need to collect and process, sensitive personal data ‘Special Category Data’ (which is information relating to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership). As an example, we may need access to information about your health in order to provide you with a quote, provide your insurance policy, or process any claims you make. We may also need details of any unspent criminal convictions you have for fraud prevention purposes. When we require the collection of Special Category Data, we will explain why it is required and ask for your consent to process this information.

 

  1. How will we collect your personal data?
    We will collect information directly from you:
  • when you apply for or renew a policy;
  • when we are providing you with a quotation;
  • when you contact us by email, telephone and through other written and verbal communications;
  • when you apply for a role within our organisation; and
  • when you contact our third-party administrators by telephone (please note that call recording may be used).

As well as obtaining information directly from you, we will collect information from:

  • the applicant where you are a beneficiary or named under an insurance policy;
  • third parties involved in the insurance application process (such as our business partners and representatives, brokers or other insurers);
  • recruitment agencies, who you have engaged;
  • publicly available sources such as the electoral roll, court judgments, insolvency registers, internet search engines, news articles and social media sites;
  • credit reference agencies in relevant jurisdictions e.g. CallCredit, Equifax and Experian are the credit reference agencies in the UK and we employ Hire Right for pre-employment checks; and
  • financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions) including the Claims Underwriting Exchange (known as “CUE“) operated by IDS and the Motor Insurance Anti-Fraud and Theft Register operated by the Association of British Insurers.

 

  1. On what basis do we collect data
    We will process your data for a number of purposes, and these will be conducted under a ‘lawful basis for processing’ which means that we have a legitimate interest in processing your data. We will process your personal data:
  • In the pursuit of entering into or the administration of an insurance contract with you e.g. to provide you with a quote.
  • Where we are obliged to use personal data as defined by law or regulation e.g. where regulation requires us to hold certain records on our dealings with you.
  • Where we use your data as part of our wider business records and analysis e.g. for future planning and improving our products and services.
  • Where the information that we process is classified as ‘sensitive’ or Special Category Data, we will always explain the requirement for processing this information with you and will ask for your specific consent to process data for example, such as health and / or ethnicity.

  

  1. Who will we share your personal data with?
    We will keep your personal data confidential and we will only share it where necessary for the purposes set out above with the following parties.
  • Third parties involved in the administration of the relevant insurance policy or claim. These include loss adjusters, claims handlers, private investigators, accountants, auditors, banks, lawyers and other experts including medical experts.
  • Third part providers who support our IT infrastructure (Dr Logic)
  • Other insurers (e.g. where another insurer has previous provided you with a policy or handled a claim).
  • Insurance brokers and other intermediaries.
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Credit reference agencies in relevant jurisdictions e.g. CallCredit, Equifax and Experian are the credit reference agencies in the UK
  • Third parties who provide sanctions checking services.
  • Insurance industry bodies (including the Employers’ Liability Tracing Office).
  • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions) including the Claims Underwriting Exchange (known as “CUE“) operated by IDS and the Motor Insurance Anti-Fraud and Theft Register operated by the Association of British Insurers.
  • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner’s Office.
  • The police, HMRC and other crime prevention and detection agencies.
  • If relevant, your policy details will also be added to the Motor Insurance Database (MID), run by the Motor Insurers’ Information Centre (MIIC).
  • Third party suppliers, agents and contractors appointed by Convex Insurance Group to help us carry out our everyday business activities including IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
  • Selected third parties in connection with any sale, transfer or disposal of our business.
  • Any agent or representative empowered by you to act on your behalf.
  • Any other person where necessary to perform any insurance contract with you, in order to protect ourselves from risk or to ensure regulatory compliance or good governance.

 

  1. Witnesses to an incident
    If you are a witness to an incident which is the subject of a claim, this section will be relevant to you and sets out our uses of your personal dataWe will collect personal data such as:
  • General information such as your name, address, contact phone numbers and email addresses, date of birth and gender.
  • Information relevant to the incident that you have witnessed.
  • It is not standard practice to collect special category data of witnesses to an accident. However, if you are involved in the accident and your details are supplied to us (for example, within a medical report) we might process your sensitive personal data.As well as obtaining information directly from you, we will collect information from:
  • Third parties involved in the incident you witnessed (such as brokers or other insurers, claimants, defendants or other witnesses).
  • Other third parties who provide a service in relation to the claim which relates to the incident you witnessed (such as loss adjusters, claims handlers, and experts).
  • Publicly available sources such as the electoral roll, court judgments, insolvency registers, insurance industry databases, internet search engines, news articles and social media sites.
  • Other companies within the Convex Insurance GroupYour personal data may be used for a number of purposes where we have legal grounds to do so. When processing your personal data, we rely on the following legal grounds:
  • We have a legal or regulatory obligation to do so.
  • We have a legitimate reason for processing your data, such as the investigation of an incident which is the subject of a claim or for the purpose of keeping a business record. In each circumstance we will always consider your rights and interests.

  

  1. Brokers, appointed representatives, suppliers and other business partners
    If you are a broker doing business with us, an appointed representative or other business partner such as an introducer or supplier, this section will be relevant to you and sets out our uses of your personal data.We will collect and process personal data including:
  • General information such as your name, address, contact phone numbers and email addresses, date of birth and gender.
  • Identification information such as passport details, driving licence and national insurance number.
  • Information about your job such as job title and previous roles.
  • Information which we obtain as part of checking sanctions lists, such as those published by United Nations, European Union, UK Treasury, the U.S. Office of Foreign Assets Control (OFAC) and the U.S. Department of Commerce, Bureau of Industry and Security.
  • Other information (including publicly available information) obtained as part of our due diligence checks.
  • If you attend an event with us, we may collect relevant details such as your event preferences and dietary requirements.We may also collect sensitive data such as detailed information relating to any criminal convictions (including offences and alleged offences and any court sentence or unspent criminal convictions).

    We will collect data from you directly as part of our onboarding processes for business partners and intermediaries. In addition to this we will collect data through from:

  • Invoices, contracts, policies, correspondence and business cards.
  • Publicly available sources such as internet search engines.
  • From service providers who carry out sanctions checks.We may use your personal data for a number of different purposes.  In each case, we must have a “legal ground” to do so. We will rely on the following “legal grounds”, when we process your “personal data”:
  • We need to use your personal data to enter into or perform the contract that we hold with you. For example, we may need certain information in order to operate our business partnership arrangement.
  • We have a legal or regulatory obligation to use such personal data. For example, we may be required to carry out certain background checks.
  • We need to use your personal data for a legitimate interest (e.g. to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal data for these purposes, we will always consider your rights and interests.When the information that we process is classed as “special category data”, we must have an additional “legal ground”. We will rely on the following legal grounds when we process your “special category data”:
  • We need to use your special category data for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include assessing an insurance application, managing claims and preventing and detecting fraud.
  • We need to use your sensitive personal data to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
  • We need to use such special category data for a justifiable public interest purpose on the basis of a legal requirement (e.g. security scanning of email contents to detect cyber threats)
  • As part of our onboarding process, you have provided your consent to our use of your sensitive personal data.We may use your personal data for a number of different purposes.  In each case, we must have a “legal ground” to do so. We will rely on the following “legal grounds”, when we process your “personal data”:
  • We need to use your personal data to enter into or perform the contract that we hold with you. For example, we may need certain information in order to operate our business partnership arrangement.
  • We have a legal or regulatory obligation to use such personal data. For example, we may be required to carry out certain background checks.
  • We need to use your personal data for a legitimate interest (e.g. to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal data for these purposes, we will always consider your rights and interests.

 

  1. Prospective job applicants
    If you are applying for a job with us, this section will be relevant to you and sets out our uses of your personal data.The personal data that we will collect from you will include:
  • General information such as your name, address, contact phone numbers and email addresses, date of birth and gender.
  • Information about your job such as job title and previous roles.
  • Information about your right to work
  • Other information (including publicly available information) obtained as part of our due diligence checks.
  • In the event you attend events with us, we may collect relevant details e.g. your event preferences, dietary requirements etc.We will also collect sensitive data including, Information relating to your criminal convictions (including offences and alleged offences and any court sentence or unspent criminal convictions). In the event you attend events with us, we may collect dietary requirements. If your CV contains any trade union memberships these will be collected.

    As well as obtaining information directly from you, we will collect information from service providers e.g. recruitment companies you have instructed. Note, where we receive your CV or and do not offer you a role but consider that you have relevant skills and experience applicable to future roles, we will store it on our files for 2 years, where we will undertake periodic reviews for suitability against current vacancies unless you object, in which case we will delete it from our files.

    We may use your personal data for a number of different purposes.  In each case, we must have a “legal ground” to do so. We will rely on the following “legal grounds”, when we process your “personal data”:

  • We need to use your personal data to enter into or perform the employment contract that we hold with you. For example, we may need certain information draft an offer of employment.
  • We have a legal or regulatory obligation to use such personal data. For example, we may be required to carry out certain background checks.
  • We need to use your personal data for a legitimate interest (e.g. to keep your CV on file in case future opportunities arise). When using your personal data for these purposes, we will always consider your rights and interests.When the information that we process is classed as “special category data”, we must have an additional “legal ground”. We will rely on the following legal grounds when we process your “special category data”:
  • We need to use such special category data as an example to assess your application including but not restricted to; right to work in the UK, whether you have had judgements against unpaid debts, and to provide you with company benefits such as PMI and Pension
  • By agreeing to the application process, you have provided your consent to our use of your special category data.We will keep your personal data confidential and we will only share it where necessary for the purposes set out above with the following parties:
  • Third parties involved in the hosting, analysis and supply of recruitment services
  • Credit reference agencies in relevant jurisdictions e.g. CallCredit, Equifax and Experian are the credit reference agencies in the UK
  • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner’s Office.
  • The police, HMRC and other crime prevention and detection agencies.
  • Third party suppliers, agents and contractors appointed by Convex Insurance UK Limited to help us carry out our everyday business activities including IT suppliers, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
  • Selected third parties in connection with any sale, transfer or disposal of our business.
  • Any agent or representative acting for you.

 

  1. Profiling activities
    Profiling is integral to the offering of insurance. We assess the risk that you would like to insure (e.g. the risk of your home being damaged by a flood) against the likelihood of that event occurring (e.g. based on the geographical location of your property and history of floods in the area). We use this profiling to help us decide whether or not to offer you insurance, the terms and the price of your policy.

 

  1. How long do we keep your personal data for?
    We will keep your personal data for as long as reasonably necessary to fulfil the purposes set out in section 3 above and to comply with our legal and regulatory obligations.We have a detailed retention policy in place which governs how long we will hold different types of information for. The exact time period will depend on your relationship with us and the type of personal data we hold, for example:
  • If we provide a quote for a policy but this is not taken up by you (or on your behalf) then we hold the associated information for 36 months.
  • If you make a claim under a policy we provide, we will keep your personal data for 10 years from the date on which the claim is closed.If you would like further information regarding the periods for which your personal data will be stored, please contact us at [email protected]

 

  1. What is our approach to sending personal data overseas?

    Sometimes we (or third parties acting on our behalf) will transfer personal data that we collect about you to countries outside of the European Economic Area (“EEA“).Where a transfer occurs, we will take steps to ensure that your personal data is protected. We will do this using a number of different methods including:

  • Putting in place appropriate confidentiality clauses in our contracts;
  • Ensuring that data is only shared where completely necessary;
  • Transfers will be completed via secure encrypted systems; and
  • Our partners will operate under the appropriate data protection and privacy requirements applicable to their jurisdiction and where possible confirmation that the firm and regime are equivalent to GDPR e.g. certified under the “Privacy Shield”, You can find out more about the Privacy Shield here.Depending on our relationship and your particular circumstances, we might transfer personal data anywhere in the world. For example, if you have a personal accident policy with us and are injured, we may need to instruct medical experts or other service providers in the country you are injured in.

 

  1. How do we protect your personal data?
    Convex UK Limited takes security of your information very seriously. We maintain appropriate technical, organisational, and physical safeguards designed to protect the personal data we process in accordance with client instructions and in line with our legal and regulatory obligations. The security measures in place on our website and computer systems are in place to protect the loss, misuse or alteration of the information you provide to us. We keep your personal data only for as long as reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.Convex UK Limited has a number of Information Security Standards that apply, these standards cover access controls, encryption, network and host security, physical security, data recovery and business continuity. Our standards change from time to time as we react to market challenges and changing regulatory requirements.

    Because e-mails submitted via web based applications are not protected by the same security measures we use in other areas where we actively collect information, we will only ask you to provide us with basic personal data, such as your contact details, a high-level description of your enquiry e.g. aviation, shipping, etc will be sufficient for us to instigate contact. In the event that you become aware of any actual or potential misuse of any such information or for more information on IT Security please contact us at [email protected]

 

  1. Your rights

    Under data protection law you have a number of rights in relation to the personal data that we hold about you which we set out below. You can exercise your rights by contacting us at any time using the details set out in section 10. We will not usually charge you in relation to a request.Please note that although we take your rights seriously, there may be some circumstances where we cannot comply with your request such as where complying with it would mean that we couldn’t comply with our own legal or regulatory requirements. In these instances, we will let you know why we cannot comply with your request.

    In some circumstances, complying with your request may result in your insurance policy being cancelled or your claim being discontinued. For example, if you request erasure of your personal data, we would not have the information required to pay your claim. We will inform you of this at the time you make a request.

    You are entitled to a copy of the personal data we hold about you and certain details of how we use it. We will usually provide your personal data to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal data will be provided to you by electronic means where possible.

    We take reasonable steps to ensure that the information we hold about you is accurate and where necessary up to date and complete. If you believe that there are any inaccuracies, discrepancies or gaps in the information we hold about you, you can contact us and ask us to update or amend it.

    In certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that the personal data we hold about you may be inaccurate or where you think that we no longer need to use your personal data.

    Where we rely on your consent in order to process your personal data, you have the right to withdraw such consent to further use of your personal data. Please note that, if for some purposes, we need your consent in order to provide your policy. If you withdraw your consent, we may need to cancel your policy, or we may be unable to pay your claim. We will advise you of this at the point you seek to withdraw your consent.

    This is sometimes known as the ‘right to be forgotten’. It entitles you, in certain circumstances, to request deletion of your personal data. For example, where we no longer need your personal data for the original purpose, we collected it for or where you have exercised your right to withdrawn consent.

    Whilst we will assess every request, there are other factors that will need to be taken into consideration. For example, we may be unable to erase your information as you have requested because we have a regulatory obligation to keep it.

    In certain circumstances, you have the right to object to our processing.

 

  1. Marketing
    You have control over the extent to which we market to you and you have the right to request that we stop sending you marketing messages at any time.  You can do this either by clicking on the “unsubscribe” button in any email that we send to you or by contacting us at [email protected]. Please note that even if you exercise this right because you do not want to receive marketing messages, we may still need to send you service-related communications where necessary.

 

  1. Processing based on our legitimate interests
    Where we process your personal data based on our legitimate interests, you can object to our processing. We will consider your objection and determine whether or not our legitimate interests prejudice your privacy rights.In certain circumstances, you can request that we transfer personal data that you have provided to us to a third party.

    We do not carry out any automated decision making. If this changes in the future, we will provide you with an updated notice setting out our decision-making process.

    You have a right to complain to the Information Commissioner’s Office (ICO) or any other local Data Protection Regulator if you believe that we have breached data protection laws when using your personal data.

    You can visit the ICO’s website at https://ico.org.uk/ for more information.  Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

  1. Cookies

    By accessing and using this website you indicate that you accept Convex UK Limited’s use of cookies. The website uses cookies which are small files of letters and numbers that Convex UK Limited puts on your computer if you allow it.The cookies that we use are:

    3 x Google Analytics

    Record of website preferences
    Cloudflare – Cloudflare uses the _cflb, _cf_bm, and _cfduid, cookies to maximize network resources, manage traffic, and protect our Customers’ sites from malicious traffic.

    You can configure your web browser to refuse cookies, to delete cookies, or to be informed if a cookie is set. The “Help” section on the menu bar of most internet browsers will tell you how to do so. You may delete and block all cookies but, if you do so, our website may not function correctly, and you may not be able to access certain areas. For more information about cookies and how to delete them, visit http://www.allaboutcookies.o

 

  1. Contacting us
    If you would like further information about any of the matters in this notice or if have any other questions about how we collect, store or use your personal data, you may contact our Data Protection Officer at [email protected] or by writing to Data Protection Officer, Convex Insurance UK Limited, 52 Lime Street, London, EC3M 7AF

 

Updates to this privacy & cookies notice

From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. We will update our site with the most up-to-date notice, and we recommend that you check our website periodically to view it.

This notice was last updated on 31 October 2019