Effective from 21 April 2021
This notice explains what we do in relation to collecting, storing, using, sharing, processing and safeguarding Personal Data. If you believe that we may hold Personal Data and you are the Data Subject, you have various rights under relevant legislation including rights of access.
This notice also tells you about your rights and choices with respect to your personal information and how you can reach us to get answers to your questions.
MGAM Limited is a Data Controller in certain circumstances. We are registered with the Information Commissioners Office (“ICO”) under registration number ZA144370. The ICO is the UK’s independent authority set up to uphold information rights in the public interest. Their website can be found at https://ico.org.uk/
If we hold your personal data, you are a Data Subject and have a number of rights UK data protection legislation including:
The right to be informed that your data is being collected. We do this by making this notice available to you and in limited circumstances where we ask for your written consent;
The right to access your personal data and know what data we hold. You should use the contact information below in the first instance and we will ask you for proof of identity as part of the process;
The right to rectification. If you believe that your personal data held by us is inaccurate you can ask us to correct the data;
The right to erasure. You can ask us to erase your personal data but please understand that there are circumstances where we will continue to be entitled to process your data, for example in order that we may fulfil our obligations under an insurance contract;
The right to restrict processing. You can ask us to restrict how we use your data;
The right to portability. You can ask us to provide your personal data in a format that can be transmitted to another data controller;
The right to object. You can object to a data controller processing your data, typically where it is used for marketing purposes. We do not use personal data for marketing;
Rights related to automated processing, typically related to automated decisions and profiling. We do not use personal data to automate our decisions without human intervention but, you can ask is if we do this.
If you have further questions, wish to access your data, or wish to make a complaint you should contact DCO@Mgamutual.com in the first instance.
Use and Processing of Information
Although the sections below describe our primary purpose in collecting your information, in many situations we have more than one purpose. As a result, our collection and processing of your information is based on different contexts, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business. The Personal Data we hold, the purposes for which we hold it, and what we do with it will be different for different parties. Please click on the relevant link below to find out more.
Disclosing your information
We may provide information about you to those of our partners, whose products and services may be of interest to you.
We may use aggregate information and statistics for the purposes of monitoring website usage in order to help us develop the website and our service and may provide such aggregate information to third parties for example content partners and advertisers. These statistics will not include information that can be used to identify any individual. We will not pass on your personal information to third parties except in accordance with this policy, as required to provide products and services to you, where we are required to do so by law.
Protecting your information
Although we make every effort to create a secure environment for your personal information, MGAM cannot guarantee the safety of any personal information. No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
Some of our websites may permit you to create an account. When you do you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account by using one of the methods listed below under “Contact Information.”
People who visit our website
We use a third-party service, Google Analytics, to collect details of website visitor patterns. We do this to understand which pages and information are of most interest to visitors to our site to enable us to update and develop the content on our site.
We do not hold any personal data about visitors to our website and our contract with Google Analytics does not permit them to do so either.
Cookies and First Party Tracking
Cookies and Third-Party Tracking
We may participate in behaviour-based advertising, which means that a third party uses technology (e.g., a cookie) to collect information about your use of our websites so that they can provide advertising about products and services tailored to your interests on our websites, or on other websites.
We have a legitimate interest in making our websites operate efficiently and in capturing websites’ analytics.
People who send emails to us
You should be aware that unless we have established Transport Layer Security (TLS) or other technical means, email traffic between us may be vulnerable to interception.
If an email you sent to us was intended for our sole use and that was made clear to us we will not share it with other parties or provide your contact details.
If an email was sent to us in connection with an insurance policy or claim where we are acting on behalf of you or your client, we may share such emails with (re)insurers, or their agents, in connection with the relevant insurance policy or claim.
They will be Data Controllers with their own obligations and responsibilities in connection with processing your data and you should contact them directly. We will only share this information where it is necessary for dealing with a claim or fulfilling an insurance policy. We can provide you with details of firms with which we have shared your personal data if you request this from us.
People who phone us
You should be aware that we record and may monitor calls, emails or other communications for the purposes of:
Staff training and quality control
Process of entering into or performance of a contract
Ensuring effective systems operation
Meeting any relevant legal and regulatory obligations
Protecting our vital interests
Detect and Prevent Crime
For the legitimate interest of the data controller.
People who complain to us
Our Terms of Business Agreements set out the process and contact points for dealing with complaints. Where we receive a complaint in relation to our services, we will file that information together with other complaint details gathered by us in the course of investigating and resolving the complaint. This information and any Personal Data will be shared with (re)insurers due to contractual obligations.
Where we receive complaints about the services of another party; for example, an insurer, we will pass details of the complaint, including any personal data provided to us, to the party responsible for the provision of the services. We will advise you where we do this. We will retain a summary of the complaint details for use in analysing the overall service experience of our clients and policyholders.
Whilst our activities are primarily concerned with placing insurance covers for commercial policyholders, in the course of quoting and placing insurance policies we may have been provided with personal data; for example details of the owners or directors of the firm.
We will only ever use this information in the course of activities necessary to enter into or fulfil an insurance contract, where required as part of the claims process or for legitimate interest. We will supply this information to insurers or their agents for these purposes and may provide information about you to our partners, whose products and services may be of interest to you for example Bright HR
Risk Management by BrightHR & BrightSafe
Our appointed Risk Management Partner, BrightHR, will contact you to help you with any ongoing risk management concerns you may have. BrightHR offers employment and workplace risk management through a suite of easy-to-use online tools, designed to reduce the risks and challenges faced by businesses like yours.
BrightSafe – It’s cloud-based software that transforms your health & safety management. You can use it to create risk assessments with ease, identify workplace hazards in real-time, keep track of upcoming safety tasks, and complete CPD-accredited e-learning courses. It even comes with a 24/7 health & safety helpline and a free mobile app, to help you manage your health & safety on the go.
BrightHR – It’s smart HR software that simplifies all your everyday admin processes. You can use it to manage staff holidays and absences, plan shifts and rotas, and keep a secure record of employee documentation. It even comes with a range of COVID-19 tools to help make your furlough, back-to-work and redundancy processes easier. Plus, with its 24/7 HR helpline, you can speak to employment law experts at any time, day or night.
For further information please see https://www.brighthr.com/terms/
We may collect your name, phone number, postal address, email address, driver’s license number, date of birth, marital status, family member information, payment information, healthcare information, policy information (e.g., policy number, policy type, coverage(s) and limit(s)) and underwriting, exposure or claims-related data.
We have a legitimate interest and a contractual obligation in collecting this information from consumers in order to accurately provide them with insurance products and services and to communicate with them concerning normal business administration such as policy servicing and billing.
In the course of collecting information to provide (re)insurers, or their agents or administrators, with the information needed to enable them to administer or agree to pay a claim, we may be provided with additional personal data where the claim is on behalf of the persons that purchased or are named in the policy.
We may also be provided with personal data, including sensitive or medical data, by third parties alleging that they have suffered an injury or other loss caused by the policyholder.
We will only ever use personal data obtained and processed as part of the claims process for the purpose of recording, communicating with (re)insurers or their agents or administrators, or, with respect to our own administration activities, to resolve the claim.
We can provide you with details of firms with which we have shared your personal data if you request this from us.
Agents, Producing Brokers, and (Re) insurers
In the course of our dealings we may be provided with personal data relating to the owners, directors, managers, and other individuals in your organisation including email addresses and telephone numbers.
This information will only be held and processed in connection with efficiently managing our business relationship and in that respect will be shared with those of our employees involved in the business between us.
People in contact with us about employment
If you, or your agent; e.g. a recruitment firm have been in contact with us in relation to a possible position that did not result in you taking up a position with us, certain personal data will have been shared with you.
If you sent the personal data directly to us we will have acted on the basis that you consented to us holding and processing the data for the purpose of a potential job role. If the personal data was sent to us by an organisation to whom you provided the personal data in relation to employment, we will similarly have acted on the basis that you consented to the data being provided.
Our policy is to destroy all such personal data within two months of receipt unless we are at that time actively in discussions about a possible specific employment role.
How long do we keep your Personal Data?
Your personal data will be kept for as long as we require it in order to provide you with the agreed product(s) or service(s). It will continue to be retained after any account, policy or service has been closed or otherwise come to an end in line with our legal and regulatory requirements, and for as long as you may legally bring claims against us.
Sharing of Information
In addition to the specific situations discussed elsewhere in this Policy, we may disclose information in the following situations:
Affiliates and Acquisitions.
We may share information with our corporate affiliates (e.g., parent company, sister companies or subsidiaries, and other companies under common control) or joint ventures to which we are a party. If another company acquires, or plans to acquire, all or a portion of our company, business, or assets, we may also share information with that company, including at the negotiation stage.
Other Disclosures without Your Consent.
We may disclose information in response to summonses, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights; to defend against or bring a legal claim; to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies; or to comply with your request for the shipment of products to or the provision of services by a third party.
We may share your information with service providers. Among other things, service providers may help us to administer our websites, conduct surveys, provide technical support, process payments, and assist in the fulfilment of insurance contracts and claims.
We can provide you with details of firms with which we have shared your personal data if you request this from us.
You may access your insurers privacy notice by following the links below: –
Allianz Insurance plc – https://www.allianz.com/en/privacy-statement.html
AmTrust International – https://amtrustfinancial.com/about-us/privacy-policy
Antares Managing Agency Ltd – https://www.qicglobal.com/privacy_notice.pdf
Arag Legal click here
Aspen Insurance UK click here
Atrium Syndicate 609 at Lloyd’s – https://www.atrium-uw.com/media/1689/atrium-privacy-notice.pdf
Builders Direct SA click here
Canopius Managing Agents Ltd – https://www.canopius.com/privacy/privacy-notice/
Convex Insurance UK Ltd click here
Eaton Gate click here
Changes to This Policy
Transmission of Information to Other Countries
As an international company, we transmit information between and among our affiliates. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible, we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By submitting your personal information to us, you agree to the transfer, storage and processing of your information in a country other than your country of residence. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction, you can contact us using the contact information below.
This privacy notice does not extend to other sites accessible via links on this website. Where you access other websites via these links you should read the privacy notices contained on those sites and we can take no responsibility for personal data held or processed by the organisations concerned.
The information below describes the purposes and means by which we process personal data and the scope of use and sharing with other parties. The limitations on scope in relation to sharing with other parties do not apply where we are obliged by law or regulation to a party entitled to receive the personal data.
If you have any questions, comments, or complaints concerning our privacy practices, or, where required by law, if you would like to submit a request based on a right listed in this Policy, please contact us at the appropriate address below.
Address: Imperial House, North Street, Bromley, BR1 1SD
Phone: 0203 946 9102
Attn: Data Control Officer