GCube Underwriting Limited (“GCube”, “we”, “our” or “us”) hold and process data on individuals that visit our websites as well as prospective and current clients and suppliers (“you” or “your”) when you visit our websites, sign up to any of our newsletters, sign up to use any of our client portals, attend any JLT events, take part in any of our competitions or surveys or when we communicate with you as a prospective client or supplier of GCUBE. We are your Data Controller.
We take your data protection rights and our legal obligations seriously. Your Personal Information will be treated in a secure and confidential manner and only as set out in this Fair Processing Notice.
This Fair Processing Notice describes the categories of your Personal Information we process, how your Personal Information may be processed and how your privacy is safeguarded in the course of our relationship with you. It is intended to comply with our obligations to provide you with information about GCube’s processing of your Personal Information under applicable European privacy laws. It does not form part of any contract you may have with GCube.
If you have any questions regarding the processing of your Personal Information or if you believe your privacy rights have been violated, please contact our Data Protection Officer at GCube_UKDPO@gcube-insurance.com.
We may amend this Notice from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. Please regularly check this Notice for updates.
1. Who is responsible for looking after your Personal Information?
GCube collects and processes your Personal Information when you visit our website or in your correspondence with us for the purposes described in this Fair Processing Notice.
2. What Personal Information are we collecting?
We may collect, use, store and transfer the following Personal Information about you for the purposes described in this Fair Processing Notice:
- Contact Details which includes names, email addresses, billing and home addresses, telephone numbers, usernames or similar identifiers, marital status, title, date of birth, gender and passport information;
- Profile Data which includes your username and password, your interests, preferences, feedback and survey responses and access made to our client portals;
- Marketing and Communications Data which includes your preferences in receiving marketing from us and our third parties, your communication preferences and other marketing and communication related data;
- Images which includes your images contained in photographs and/or video recordings;
- Technical Data which includes internet protocol (IP) addresses, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website; and
- Usage Data which includes information about how you use our website.
Please note that the only Special Categories of Data we may process about you is any dietary requirements that you may have. We do not collect any information about criminal convictions or offences.
Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.
3. How do we use your Personal Information?
We will only use your Personal information when the law allows us to. We usually use your Personal Information for the following purposes:
- where we need to perform the contract we are about to enter into or have entered into with you;
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- where we are required to comply with a legal or regulatory obligation or requirement.
We have set out below a description of the ways in which we may use your Personal Information and which of the legal bases we rely on to do so.
|Activity||Type of information collected||The basis on which we may the information|
|To register you as a new or prospective client or supplier||
|To manage our relationship with you which will include:
|To inform you of news and updates concerning industry specific matters and more specifically, about out products and services
To disseminate information about JLT’s activities
|To enable you to partake in a prize draw, competition or complete a survey or a feedback form||
|To enable us to book you onto seminars, conferences and workshops, to make travel and accommodation arrangements for you and to plan and organise your travel itinerary as part of managing and developing our client relationship with you||
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||
4. How is your Personal Information collected?
We may collect Personal Information from and about you through the following:
- Direct interactions where you may give us your Personal Information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Information you provide when you:
- visit our websites,
- create an account and subscribe to access our client portals;
- subscribe to our publications;
- request for information and other materials to be sent to you;
- apply to speak to someone within GCube about one of our products or services;
- enter a competition, promotion or survey;
- request for us to book you onto seminars, workshops and conferences and to make travel and accommodation arrangements;
- attend a JLFT event or participate in any JLT activities; and
- give us some feedback.
- Third parties or publicly available sources which may include the receipt of Contact Details and marketing preferences from marketing or mailing list data providers, Technical Data from analytics providers such as Google based in or outside of the EU and/or the UK and from publicly available sources such as Companies House.
5. Who do we share your Personal Information with?
We work with many third parties to help administer, maintain and provide our websites and client portals, facilitate our marketing strategies, campaigns, competition and surveys as well as to book travel and accommodation. These third parties may from time to time need to have access to your Personal Information and may include:
- service providers such as those who help manage our IT and back office systems and processes, those who help maintain and manage our website and those that assist us in the provision of travel and accommodation services.
- Specific third parties whose details can be made available upon request.
- our regulators which may include the Information Commissioner’s Office, the Financial Conduct Authority, national Supervisory Authorities as well as other regulators and law enforcement agencies in the EU and around the world
- organisations working to prevent fraud in financial services
We may be under legal or regulatory obligations to share your Personal Information with courts, regulators, law enforcement or in certain cases insurers. Also, if we were to sell part of our businesses we would need to transfer your Personal Information to the purchaser of such businesses.
6. International Transfers
From time to time we may need to transfer your Personal Information to our service providers, specific third parties, regulators or to other organisations, who may be located outside the EEA. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:
- we will only transfer your Personal Information to countries which are recognised as providing an adequate level of legal protection,
- transfers to service providers and other third parties will always be protected by contractual commitments and where appropriate further assurances, such as the Standard Contractual Clauses or the certification schemes – for example, the EU – U.S. Privacy Shield for the protection of Personal Information transferred to the US.
7. How long do we keep your Personal Information?
We will retain your Personal Information for as long as is reasonably necessary for the purposes set out in this Fair Processing Notice. In some circumstances we may retain your Personal Information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.
In specific circumstances we may also retain your Personal Information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Information or dealings.
Where your Personal Information is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.
8. What are your rights?
You have a number of rights in relation to your Personal Information.
You may request access to your data, correction of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, data portability and various information in relation to any Automated Decision Making and Profiling or the basis for international transfers. You may also exercise a right to complain to your Supervisory Authority. These are set out in more detail as follows:
|RIGHT||WHAT THIS MEANS|
|Access||You can ask us to:
|Rectification||You can ask us to rectify inaccurate Personal Information. We may seek to verify the accuracy of the data before rectifying it.|
|Erasure||You can ask us to erase your Personal Information, but only where:
We are not required to comply with your request to erase your Personal Information if the processing of your Personal Information is necessary:
There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances where we would deny that request.
|Restriction||You can ask us to restrict (i.e. keep but not use) your Personal Information, but only where:
We can continue to use your Personal Information following a request for restriction, where:
|Portability||You can ask us to provide your Personal Information to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but in each case only where:
|Objection||You can object to any processing of your Personal Information which has our ‘legitimate interests’ as its legal basis (see Section 3) if you believe your fundamental rights and freedoms outweigh our legitimate interests.
Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
|International transfers||You can ask to obtain a copy of, or reference to, the safeguards under which your Personal Information is transferred outside of the EEA. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.|
|Supervisory Authority||You have a right to lodge a complaint with your local Supervisory Authority about our processing of your Personal Information. In the UK, the Supervisory Authority for data protection is the ICO (https://ico.org.uk/). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your Supervisory Authority at any time.|
To exercise your rights you may contact us as set out in Section 9. Please note the following if you do wish to exercise these rights:
- Identity. We take the confidentiality of all records containing Personal Information seriously, and reserve the right to ask you for proof of your identity if you make a request.
- Fees. We will not ask for a fee to exercise any of your rights in relation to your Personal Information, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
- Timescales. We aim to respond to any valid requests within one month unless it is particularly complicated or you have made several requests, in which case we aim to respond within three months. We will let you know if we are going to take longer than one month. We might ask you if you can help by telling us what exactly you want to receive or are concerned about. This will help us to action your request more quickly.
- Exemptions. Local laws, including in the UK, provide for additional exemptions, in particular to the right of access, whereby Personal Information can be withheld from you in certain circumstances, for example where it is subject to legal privilege.
- Third Party Rights. We do not have to comply with a request where it would adversely affect the rights and freedoms of other data subjects.
9. Contact and complaints
The primary point of contact for all issues arising from this Notice, including requests to exercise data subject rights, is our Data Protection Officer:
Data Protection Officer
GCube Underwriting Insurance Limited
155 Fenchurch Street
If you have a complaint or concern about how we use your Personal Information, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time.
GLOSSARY OF TERMS
Data Controller means a natural or legal person (such as a company) which determines the means and purposes of processing of Personal Information.
EEA means the European Economic Area, which includes all countries in the EU and also Iceland, Liechtenstein and Norway.
EU means Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.
Personal Information is information that relates to a living individual. It includes information that may identify a person by name and contact details, or refer to associated information such as account activity, or personal preferences that can directly or indirectly identify an individual.
Process/Processing/Processed means any and all actions we take with respect to your Personal Information, including (without limitation) managing, viewing, holding, storing, deleting, changing, using and saving.
Special Category of Data means any Personal Information relating to your health, genetic or biometric data, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership.
Supervisory Authority means the supervisory authority for data protection, which in the United Kingdom is the ICO (https://ico.org.uk/).