Who we are

This Privacy Policy (the “Policy”) sets out how we Generis Underwriting Limited (‘’Generis Underwriting Ltd.’’, ‘’Our’’ or ‘’We’’) are authorised regulated by the Financial Conduct Authority (Regulator Registration Number is 823558) and process the personal data of our customers, brokers and website visitors.

Our promise

We are committed to protecting and respecting your privacy. This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure. We will process your personal information on the basis of “Legitimate Interests” and “Explicit Consent” (as defined by the General Data Protection Regulation).

We are underwriting agents of the insurer for policies we issue. We have authority to underwrite and administer policies on behalf of the insurer. In order for us to quote and issue an insurance policy we need to collect and process certain information about the policyholder and those covered by the policy.

We want you to be confident about how we use your personal information. As a regulated company and information controller we take our responsibilities for the security and management of your personal information seriously. That’s why we invest in our systems and processes to ensure that the way we collect, use, share, and store your information meets both the regulatory and our own high standards.

The details in this document reflect changes in legislation which mean you have a right to be informed on how we use your personal data.

How to contact us

If you have any questions about this Policy, please contact our data protection officer (“DPO”). Please address all inquiries, requests, and other communications regarding your personal information or this Privacy Policy to:

The Data Protection Officer
Email – info@generisunderwriting.com
Post – 3 The Cottages, Deva City Office Park, Trinity Way, Salford M3 7BE

What information does Generis Underwriting Ltd. collect?

We only ask for information that we need and have strict controls to keep it safe. We collect your personal information to provide our products and services to you. Without the information we ask for, we can’t give you a quote or insurance policy and it may affect the outcome of any claims you make.

We may collect your full name, home address, date of birth, other identification details such as the proof of identity and proof of address documentation; your contact information, including your work related email address and telephone number, your work address, and (if you are a director, partner or other legal or beneficial owner of the Insured) your home address; criminal conviction or offence details including any actual or suspected fraud, money laundering or other crimes.

How we use your information

The purposes of use include arranging the Insured’s insurance cover (including communications about the Policy, for renewals and for administration/processing of Claims and of the Policy), for management and audit of our business operations including accounting, to verify identity/ies such as sole traders, directors, officers, partners and other legal or beneficial owners of the Insured, to perform fraud prevention and anti-money laundering checks, for establishment and defence of legal rights, to comply with legal or regulatory requirements, for other activities relating to the prevention, detection and investigation of crime, to administer accounts and provide customer service, for market research and to market our products and services and those of our Group of companies.

The legal basis includes processing necessary to perform our obligations under the Policy (if you are the individual entering into that Policy with us – e.g. sole traders); processing necessary for our legitimate interests and those of our other companies and branches, including for our good governance obligations, monitoring emails and other communications (see below) and to administer the Policy; and processing necessary for compliance with our legal obligations or those of the relevant company or branch within Generis Underwriting Ltd. to establish or defend legal claims or rights.

We may also process Personal Data based on your consent. For instance, if you request us to share it with other people or organisations; when we process special categories of personal data about you at your request (this is defined in the full version) and to send marketing communications where we have asked for consent to do so. You are free at any time to withdraw your consent. The consequence might be that our ability to administer the Policy is affected or that we cannot do certain things for you.

Data Sharing

In order to arrange the Insured’s insurance cover, or process any Claims, the Insurer may disclose Personal Data to other companies within its Group, its insurance partners and other third parties who act for the Insurer for further processing, brokers, intermediaries, agents, underwriters, loss adjusters, our legal and other professional advisers, government regulators and the Ombudsman, and other third parties and service providers who help us and our Group to operate our business; with regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government requests; in the context of a sale of all or part of our group of companies or transfer of business assets; with Fraud Prevention Agencies and the Association of British Insurers (UK only) or equivalent industry bodies in your country. In some instances, it may be necessary to transfer Personal Data between the Insurer’s European and international offices. This may include Personal Data being disclosed to legal or regulatory bodies in order to comply with diverse legal regulations, including those imposed on the Insurer’s parent company based in the United States. The Insurer shall endeavour to ensure that any such data processed or disclosed is appropriately protected by technical and operational security measures and contractual measures where necessary.

Protecting your information

We will only use your personal information where we are satisfied that:

• Where required, you have provided your consent to use your data in the appropriate manner;
• We must use your personal information to perform a contract – for example, to manage your insurance policy with us;
• We have a legitimate interest as a business to use your personal information – for example, to improve our products.
• If we are required to collect sensitive personal information about you, we will make sure we have the right to do so. Typically, the right will arise from:
• Our explicit consent to collect and use the information;
• An insurance-specific exemption provided by regulations enacted by specific European Union (EU) member states, permitting the collection and use of such sensitive personal information;
• Our need to establish, exercise, or defend your legal rights as an insured or claimant, or the rights of Generis Underwriting Ltd.

Please Note: If you provide explicit consent to our collection of sensitive personal information, you may withdraw this consent to this collection and use at any time. However, your withdrawal of consent may prevent us from providing you with appropriate insurance services, and in certain circumstances it may not be possible for insurance coverage to continue. If you choose to withdraw your consent, we will inform you of the possible consequences and effects, including cancellation of your policy.

Where does your personal information go?

We may transfer your personal information to those insurers for whom we underwrite and issue policies on behalf of.

Our partner service providers. We may disclose your data to the insurers, and other partner organisations that we work with.

Our professional advisers. We may disclose your personal data to our professional advisers insofar as reasonably necessary for the purposes of managing risks, obtaining professional advice and managing legal disputes.

Where we provide your personal data to any third party. Where we share your personal data with any third party, we will ensure this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.

To comply with legal obligations. In addition to the specific disclosures of personal data detailed above, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation we have to comply with, or in order to protect your vital interests or the vital interests of another individual.

Transfers of your personal data outside of the European Economic Area
Where your personal data is transferred outside of the EEA, we will ensure that either (a) The European Commission has made an “adequacy decision” with respect to the data protection laws of the country to which it is transferred, or (b) we have entered into a suitable data processing agreement with the third party situated in that country to ensure the adequate protection of your data. In all cases, transfers outside of the EEA will be protected by appropriate safeguards

How long will we keep your information?

We will keep your personal information only so long as is necessary to provide service to you under your policy, or for the purposes described above. Specifically, we will keep your information for so long as a claim may be brought under the policy, or where we are required to keep your personal information to satisfy legal or regulatory obligations.

In some cases, we may keep your personal information for longer periods of time, in order to maintain accurate records in the event of future complaints, challenges, or litigation regarding your policy, claims, or other issues that may arise. Once your personal information is no longer required, it will be securely deleted.

Criteria used to determine the retention period
We will apply this criteria: retention in case of queries (e.g. in case of queries from you or the Insured); retention in case of claims (e.g. for the period in which the Insured might legally bring claims against us); and retention in accordance with legal and regulatory requirements (e.g. after the Policy has come to an end).

Identity verification and Fraud Prevention Checks
Your Personal Data will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment in future. It will be used to enable law enforcement agencies to access and use your Personal Data to detect, investigate and prevent crime. Fraud prevention agencies can hold your Personal Data for different periods of time, depending on how that data is being used. You can contact them for more information. If you are considered to pose a fraud or money laundering risk, they will keep it for up to six years.

Your rights

You have certain rights in relation to how we collect and use your personal information. To exercise any of these rights, please contact us as set forth below.

You have a right in certain circumstances to:

• • access the personal information we hold about you
• correct personal information
• have your personal information deleted
• restrict us processing your personal information
• receive your personal information in a portable format, and
• object to us processing your personal information

Your right to access your data – You have the right to ask us to confirm whether or not we process your personal data and, to have access to the personal data, and any additional information. That additional information includes the purposes for which we process your data, the categories of personal data we hold and the recipients of that personal data. You may request a copy of your personal data. The first copy will be provided free of charge, but we may charge a reasonable fee for additional copies.

Your right to erasure. In certain circumstances you have the right to have personal data that we hold about you erased. This will be done without undue delay. These circumstances include the following: it is no longer necessary for us to hold those personal data in relation to the purposes for which they were originally collected or otherwise processed; you withdraw your consent to any processing which requires consent; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. We will analyse each request for erasure and we will agree if there is no legitimate reason to retain the data to the normal retention period, at which point we will instruct anonymisation of the data.

Your right to restrict processing. In certain circumstances you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate; your data is being processed unlawfully, but you do not want your data to be erased; it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified. Where processing has been restricted for one of these reasons, we may continue to store your personal data. However, we will only process it for other reasons: with your consent; in relation to a legal claim; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

Your right to object to processing. You can object to us processing your personal data on grounds relating to your particular situation, but only as far as our legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest, or in the exercise of any official authority vested in us; or the purposes of our legitimate interests or those of a third party. If you make an objection, we will stop processing your personal information unless we are able to: demonstrate compelling legitimate grounds for the processing, and that these legitimate grounds override your interests, rights and freedoms; or the processing is in relation to a legal claim.

Your right to object to direct marketing. You can object to us processing your personal data for direct marketing purposes. If you make an objection, we will stop processing your personal data for this purpose.

Your right to data portability. Where you have given us consent to process your personal data for the performance of a contract, you have a legal right to receive a copy of the personal data we hold about you. We will not be accepting Data Portability files from other third party companies/individuals. When a data request is made of us we will make available all applicable personal data to you in a .CSV file or alternative machine readable format agreed by us to be passed to the appropriate third party on your instruction. We will not however process your data in this way if we believe that it may pose a threat to the security of the data.

Your right to object for statistical purposes. You can object to us processing your personal data for statistical purposes on grounds relating to your particular situation, unless the processing is necessary for performing a task carried out for reasons of public interest.

Automated data processing. To the extent that the legal basis we are relying on for processing your personal data is consent, and where the processing is automated, you are entitled to receive your personal data from us in a structured, commonly used and machine-readable format. However, you may not have this right if it would adversely affect the rights and freedoms of others.

Complaining to a supervisory authority. If you think that our processing of your personal data infringes data protection laws, you can lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

Right to withdraw consent. To the extent that the legal basis we are relying on for processing your personal data is consent, you are entitled to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Exercising your rights. You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified above.

Subject Access Requests Administration: the following may apply to your request regarding your personal information:

• We will respond to all valid requests within thirty days;
• You will not be charged a fee when we process your request. We reserve the right to charge a reasonable fee if your request is unfounded, repetitive or excessive.

Links to insurers privacy notice

http://www.cnahardy.co.uk/privacy/home

Important: This Privacy Policy does not supersede the terms of any insurance policy or contract you have with Generis Underwriting Ltd nor does it limit or affect any rights you have under applicable data protection regulations.

Any Questions about the Insurer’s data protection practices should be directed to the Insurer at the details set out at the beginning of the Data Privacy Notice.