PRIVACY NOTICE - (REST OF THE WORLD)
Privacy Notice in respect of processing of personal data in the United Kingdom and European Union, applicable to individuals who are not resident in the UK or European Union – July 2021
R&Q strongly believes in protecting your privacy and the confidentiality of your personal data. Personal data is any combination of information, in the possession of or likely to come into the possession of R&Q, that can be used to identify, contact, or locate an individual. It will be treated in accordance with this Privacy Policy.
R&Q is registered under UK Data Protection legislation. It complies with this and the General Data Protection Regulation (GDPR) when processing your personal data.
GDPR Principles
GDPR principles will only apply when your personal data is processed by any R&Q company based in the United Kingdom and the European Union. The principles set out in Article 5 of the GDPR, and R&Q’s procedures for complying with these, are set out below:
Processing of Personal Data
R&Q may collect and use your personal data in its normal course of business for the following purposes:
• Internal auditing requirements
• Group reporting requirements
Lawful Basis for Processing
The Lawful Basis for our processing of the personal data for these purposes is in relation to Legitimate Interests.
If processing of personal data takes place in the European Economic Area but outside the UK, this will be in accordance with any local Data Protection legislation, to the extent that this may vary the requirements of the GDPR. If there are no material variations to the GDPR in the country in which the processing takes place, we will:
• Process any Special Category personal data (relating to an individual’s racial or ethnic origin, religious or philosophical beliefs, trade union membership, genetics and health) only if the explicit consent of the individual has been confirmed in advance.
• Not process any personal data relating to criminal convictions.
Personal Data Collected
Your Personal Data may include your name and contact details, age, social security number, information received from consumer reporting agencies, government agencies, credit references, employers, insurance companies, attorneys, and financial institutions, such as your credit history, verification of employment, criminal history and net income. This may include some “sensitive” information, for example details of criminal convictions, which will be processed only to the extent necessary for the purpose of the ensuring that the service you require is being administered correctly.
Disclosure of Information to Others
We do not disclose any of your personal data to any third parties except as set out in our Privacy Notice or as permitted by law or authorised by you.
Children - Consent
When processing personal data relating to children, we will do so on a lawful basis. In some cases, explicit consent from the child may be needed, and we will ensure that the child can understand what is being consented to and is therefore suitably informed. We will also make reasonable efforts to ensure that a person giving consent on behalf of a child holds parental responsibility for the child.
Requests to Cease Processing
If you instruct us to cease processing your personal data, this may impact upon our ability to ensure processes are being administered correctly. We may contact you to advise that the cessation of processing or the deletion of your personal data is not possible because the processing of certain data is necessary and lawful as outlined above.
Profiling and Automated Decision Making
R&Q’s operations do not include automated decision making or profiling. Data Retention Periods We will retain your Personal Data for a minimum period of 7 years and for no longer than is necessary for the purposes of the processing.
International Transfers
Depending on the circumstances, the use of Personal Data described in this Notice may involve a transfer of data outside the UK and the European Economic Area to countries that have less robust data protection laws. Any such transfer will be made with appropriate safeguards in place.
Your Rights under the General Data Protection Regulation
The European Union General Data Protection Regulation, effective 25 May 2018, sets out the following rights of Individuals relating to the processing of their Personal Data:
1. The Right to be Informed Individuals have a right be provided with fair processing information to be provided, typically through a Privacy Notice.
2. The Right of Access Individuals have a right to obtain confirmation that their data is being processed and to obtain access to their personal data.
3. The Right to Rectification Individuals have a right to have personal data rectified if it is inaccurate or incomplete. If the personal data in question has been disclosed to third parties, they must be informed of the rectification, and the individuals must also be informed of this.
4. The Right to Erasure Individuals have a right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
5. The Right to Restrict Processing Individuals have a right to stop or suppress the processing of personal data.
6. The Right to Data Portability Individuals have a right to obtain and re-use their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
7. The Right to Object Individuals have a right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
8. Rights in relation to Automated Decision-making and Profiling Individuals have a right of protection against the risk that a potentially damaging decision is taken without human intervention.
Access to Personal Data
It is important that the Personal Data we hold about you is accurate, complete and up-todate. As noted above, you have the Right of Access to your personal data and to request the amendment of any element of it that may be incorrect, and to assert your other Rights as listed above. If any of your details change you can update us through your normal contact at R&Q or by sending an e-mail to data.enquiries@rqih.com.
Questions, Requests, or Complaints
If you have any questions about this Privacy Notice, or how to exercise your rights, please contact our Data Protection Officer:
Group Data Protection Officer
R&Q Insurance Holdings Ltd
71 Fenchurch Street
London EC3M 4BS
Email: dpo@rqih.com
If you are not satisfied with our response or believe that we are not handling your Personal Information in accordance with the law you can complain to the Information Commissioner’s Office (https://ico.org.uk/) in the UK or the relevant regulatory body in the EEA (https://edpb.europa.eu/about-edpb/about-edpb/members_en#member-mt).