GCube Underwriting Limited  (“GCube”, “we”, “our” or “us”) hold and process data on individuals that visit our websites as well as prospective and current clients and suppliers (“you” or “your”) when you visit our websites, sign up to any of our newsletters, sign up to use any of our client portals, take part in any of our competitions or surveys or when we communicate with you as a prospective client or supplier of GCUBE. We are your Data Controller.

We take your data protection rights and our legal obligations seriously. Your Personal Information will be treated in a secure and confidential manner and only as set out in this Fair Processing Notice.

This Fair Processing Notice describes the categories of your Personal Information we process, how your Personal Information may be processed and how your privacy is safeguarded in the course of our relationship with you. It is intended to comply with our obligations to provide you with information about GCube’s processing of your Personal Information under applicable European privacy laws. It does not form part of any contract you may have with GCube.

If you have any questions regarding the processing of your Personal Information or if you believe your privacy rights have been violated, please contact our Data Protection Officer at GCube_UKDPO@gcube-insurance.com.

We may amend this Notice from time to time for example, to keep it up to date or to comply with legal requirements or changes in the way we operate our business. Please regularly check this Notice for updates.

1. Who is responsible for looking after your Personal Information?

GCube collects and processes your Personal Information when you visit our website or in your correspondence with us for the purposes described in this Fair Processing Notice.

2. What Personal Information are we collecting?

We may collect, use, store and transfer the following Personal Information about you for the purposes described in this Fair Processing Notice:

Please note that the only Special Categories of Data we may process about you is any dietary requirements that you may have. We do not collect any information about criminal convictions or offences.

Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.

3. How do we use your Personal Information?

We will only use your Personal information when the law allows us to. We usually use your Personal Information for the following purposes:

We have set out below a description of the ways in which we may use your Personal Information and which of the legal bases we rely on to do so.

Legal entity What the Notice covers Link to the Notice
To register you as a new or prospective client or supplier
  • Contact Details
  • Marketing and Communications Data
  • Performance of a contract with you
  • Legitimate interests (to set up our records with you as a prospective or current client or supplier)
To manage our relationship with you which will include:

  • notifying you about changes to our terms or Fair Processing Notice
  • providing you with information and materials about our products and services or our business needs
  • providing you with access to our client portals
  • asking you to leave a review or take a survey
  • communicating with you as a prospective or current client or supplier
  • Contact Details
  • Profile Data
  • Marketing and Communications Data
  • Usage Data
  • Technical Data
  • Performance of a contract with you
  • Necessary to comply with a legal obligation
  • Legitimate interests (to keep our records updated, to communicate with you as a client or prospect and to analyse our client and prospective clients’ use of our services and products)
To enable you to partake in a prize draw, competition or complete a survey or a feedback form
  • Contact Details
  • Profile Data
  • Marketing and Communications Data
  • Usage Data
  • Performance of a contract with you
  • Legitimate interests (to analyse how clients and prospective clients use our services, to develop them and to grow our business and to inform our business development strategy)
To enable us to book you onto seminars, conferences and workshops, to make travel and accommodation arrangements for you and to plan and organise your travel itinerary as part of managing and developing our client relationship with you
  • Contact Details
  • Profile Data
  • Marketing and Communications Data
  • Performance of a contract with you
  • Legitimate interests (to grow our business, to enhance business relationship and management and to inform our business development strategy)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
  • Contact Details
  • Profile Data
  • Marketing and Communications Data
  • Usage Data
  • Technical Data
Legitimate interests (to analyse how clients and prospective clients use our services, to develop them and to grow our business and to inform our business development strategy)

4. How is your Personal Information collected?

We may collect Personal Information from and about you through the following:

 

5. Who do we share your Personal Information with?

We work with many third parties to help administer, maintain and provide our websites and client portals, facilitate our marketing strategies, campaigns, competition and surveys as well as to book travel and accommodation. These third parties may from time to time need to have access to your Personal Information and may include:

 

6. International Transfers

From time to time we may need to transfer your Personal Information to our service providers, specific third parties, regulators or to other organisations, who may be located outside the EEA. We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:

 

7. How long do we keep your Personal Information?

We will retain your Personal Information for as long as is reasonably necessary for the purposes set out in this Fair Processing Notice. In some circumstances we may retain your Personal Information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax or accounting requirements.

In specific circumstances we may also retain your Personal Information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Information or dealings.

Where your Personal Information is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

 

8. What are your rights?

You have a number of rights in relation to your Personal Information.

You may request access to your data, correction of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, data portability and various information in relation to any Automated Decision Making and Profiling or the basis for international transfers. You may also exercise a right to complain to your Supervisory Authority. These are set out in more detail as follows:

RIGHT WHAT THIS MEANS
Access You can ask us to:

  • confirm whether we are processing your Personal Information;
  • give you a copy of Personal Information;
  • provide you with other information about your Personal Information  such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any Automated Decision Making or Profiling, to the extent that information has not already been provided to you in this Fair Processing Notice.
Rectification You can ask us to rectify inaccurate Personal Information.  We may seek to verify the accuracy of the data before rectifying it.
Erasure You can ask us to erase your Personal Information, but only where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see ‘Objection’ below); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase your Personal Information if the processing of your Personal Information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims.

There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances where we would deny that request.

Restriction You can ask us to restrict (i.e. keep but not use) your Personal Information, but only where:

  • its accuracy is contested (see Rectification), to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your Personal Information following a request for restriction, where:

  • we have your consent (for example to process a claim); or
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person; or
  • to comply with a legal obligations to which we are subject.
Portability You can ask us to provide your Personal Information to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another Data Controller, but in each case only where:

  • the processing is based on your consent or the performance of a contract with you; and
  • the processing is carried out by automated means.
Objection You can object to any processing of your Personal Information which has our ‘legitimate interests’ as its legal basis (see Section 3) if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

International transfers You can ask to obtain a copy of, or reference to, the safeguards under which your Personal Information is transferred outside of the EEA. We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.
Supervisory Authority You have a right to lodge a complaint with your local Supervisory Authority about our processing of your Personal Information. In the UK, the Supervisory Authority for data protection is the ICO (https://ico.org.uk/). We do ask that you please attempt to resolve any issues with us first, although you have a right to contact your Supervisory Authority at any time.

To exercise your rights you may contact us as set out in Section 9. Please note the following if you do wish to exercise these rights:

9. Contact and complaints

The primary point of contact for all issues arising from this Notice, including requests to exercise data subject rights, is our Data Protection Officer:
GCube_UKDPO@gcube-insurance.com

Data Protection Officer
GCube Underwriting Insurance Limited
155 Fenchurch Street
London
EC3M 6AL

If you have a complaint or concern about how we use your Personal Information, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time.

GLOSSARY OF TERMS

Data Controller means a natural or legal person (such as a company) which determines the means and purposes of processing of Personal Information.

EEA means the European Economic Area, which includes all countries in the EU and also Iceland, Liechtenstein and Norway.

EU means Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.

Personal Information is information that relates to a living individual. It includes information that may identify a person by name and contact details, or refer to associated information such as account activity, or personal preferences that can directly or indirectly identify an individual.

Process/Processing/Processed means any and all actions we take with respect to your Personal Information, including (without limitation) managing, viewing, holding, storing, deleting, changing, using and saving.

Special Category of Data means any Personal Information relating to your health, genetic or biometric data, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership.

Supervisory Authority means the supervisory authority for data protection, which in the United Kingdom is the ICO (https://ico.org.uk/).