Privacy Policy

Solomon Islands; Vanuatu; Papua New Guinea; Fiji 

 

1. Introduction

QBE are committed to protecting the personal data of our customers. We will only collect, use or disclose personal data in accordance with this Privacy Policy. We may amend this Privacy Policy at any time and for any reason. The updated version will be available by following the “Privacy” link on our website homepage at https://www.qbe.com/pi/. You should check the Privacy Policy regularly for changes.

 

In this Privacy Policy, “personal data” means any data:

  • relating directly or indirectly to a living individual;
  • from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and
  • in a form in which access to or processing of the data is practicable.

 

2. When do we collect personal data?

We collect personal data in a number of ways. The most common circumstances in which we collect personal data are when your personal data is used for:

 

  • processing and assessing of applications for any insurance products and daily operation of the related services;
  • any alterations, variations, cancellation or renewal of any insurance and related services; and
  • any claims or investigation or analysis of such claims.

 

3. What personal data do we collect?

The types of personal data we collect from you will depend on the circumstances in which that information is collected.

 

We may collect details including but not limited to:

  • your name
  • mobile phone number
  • residential phone number
  • office phone number
  • residential address
  • correspondence address
  • email address
  • age
  • gender; and
  • occupation

 

4. What do we use personal data for?

The purposes for which your personal data will be used will depend on the circumstances in which that personal data is collected.

 

We will inform you of the purposes for which we intend to use your personal data at or before the time we collect your personal data.

 

Generally, we may use your personal data for:

  • the purpose for which you provided it to us;
  • purposes which are directly related to the purpose for which you provided it to us; and
  • any other purposes to which you have consented.

 

For example:

The information you provide to us is collected to enable us to carry on insurance business and may be used for the purpose of any insurance or financial related product or service or any alterations, variations, cancellation or renewal of such product or service; any claim or investigation or analysis of such claim; and exercising any right of subrogation, and may be transferred to 1) any related company or any other company carrying on insurance or reinsurance related business or an intermediary or a claims or investigation or other service provider providing services relevant to insurance business for any of the above or related purposes; and 2) any association or government organisation of insurance companies  that exists or is formed from time to time for any of the above or related purposes or to enable regulatory functions to be carried out.

 

5. Do we use personal data for direct marketing?

We do use some of the personal data we collect to send marketing material and special offers to our customers in accordance with local law and regulations.

 

If we intend to use your personal data for direct marketing purposes or provide your personal data to third parties for direct marketing purposes, we will inform you of that at or before the time we collect your personal data. We will provide you with an opportunity to opt-out of that direct marketing at that time if you so request.

 

If you do not opt-out of direct marketing at that time, but you later decide that you no longer wish to receive direct marketing, you may ask us to cease any further direct marketing by contacting us at the respective operation:

• Fiji: info.fiji@qbe.com 
• Papua New Guinea: info.png@qbe.com
• Solomon Islands: info.sol@qbe.com
• Vanuatu: info.van@qbe.com
 

or made in writing to the respective operation to the Personal Data Privacy Officer at the respective operation.

 

6. To whom do we disclose personal data?

The third parties to whom your personal data will be disclosed will depend on the purposes for which that personal data is used.

 

We will inform you of the third parties to whom your personal data will be disclosed at or before the time we collect your personal data.

 

Generally, we may disclose your personal data as necessary for:

  • the purpose for which you provided it to us;
  • purposes which are directly related to the purpose for which you provided it to us; and
  • any other purposes to which you have consented.

 

As outlined in the example at Point 4 above.

 

In exceptional circumstances, we may be required or permitted by law to disclose personal data, for example to law enforcement authorities or to prevent a serious threat to public safety.

 

7. How is personal data secured?

We will take all reasonably practicable steps to ensure that your personal data is protected against unauthorised access, processing, erasure, loss or use.

Our security measures include:

  • Before sending documents containing personal data to a customer, it is important to ensure that the address of the customer is accurate and up-to-date, otherwise the data is put to the risk of accidental disclosure to unrelated third parties.
  • We formulate their policies and practices to specify the period of retention of customers’ personal data.
  • Documents containing personal data such as insurance application form or policy should be securely kept against access by unauthorized parties. Personal data stored electronically in computers or portable storage devices should be protected with adequate IT security measures and access control.

8. Accessing and correcting your personal data

You may contact us to seek access to or seek to correct personal data which we hold about you. We may require that you, the person requesting access or correction, provide suitable identification and we may charge a reasonable administration fee for complying with a data access request.

 

Requests for access to and/or correction of personal data held by us, should be addressed to the respective operation to the Personal Data Privacy Officer at the respective operation.

 

9. Erasure of personal data

We will take all reasonably practicable steps to erase personal data which we hold about you where the personal data is no longer required for the purpose for which it was collected and used. If there are certain exemptions local law or regulations that apply to erasure of personal data, some data may still be retained.

 

10. Data transfers

We may transfer personal data which we hold about you overseas in the course of its processing.

 

11. Your consent and rights

By using our service, making an application or visiting our website, you consent to the collection and use of your information and other activities as outlined in this Statement.

 

12. Queries and comments

We welcome your queries or comments about our Privacy Policy and personal data collection and handling practices. Please contact the respective operation:

 

• Fiji: info.fiji@qbe.com 

• Papua New Guinea: info.png@qbe.com

• Solomon Islands: info.sol@qbe.com

Vanuatu: info.van@qbe.com

French Polynesia & New Caledonia

We process personal data in order to be able to provide our customers with the best possible service/product. We always ensure we either have a legitimate purpose to hold personal data or obtain consent. We strive to maintain the highest possible Data Protection standards and we will handle all data with the upmost care.

Our Privacy Policy

Your trust is important to us, so we want you to be aware of our Privacy Policy which explains how we collect, store and handle your personal data.

Report a Data Breach

If you suspect data about QBE’s customers, staff or other contacts has been inappropriately disclosed or you find QBE property which may contain confidential or personal data, please let our Data Protection Team know as soon as possible by completing our Data Breach Form.

Fair Processing Notice

QBE is committed to ensuring your privacy is protected. This Fair Processing Notice sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this notice carefully. When using a QBE website, this notice should be read alongside the website terms and conditions and cookie policy.

QBE is part of a wider group of companies, the QBE Insurance Group, one of the world’s leading international insurers and reinsurers. As a business insurance specialist, we offer a range of insurance products from the standard suite of property, casualty and motor to the specialist financial lines, marine and energy. All are tailored to the individual needs of our small, medium and large client base.

To enable us to provide insurance services, including providing a quote and then insurance, and dealing with any claims or complaints that might arise, we need to collect and process data. This makes us a "data controller" for any personal information that you provide to us which makes us responsible for complying with data protection laws.

The specific company acting as a data controller of your personal information will be listed in the documentation we provide to you. A list of all the companies within QBE French Polynesian and New Caledonian Operations and our European Operations which act as data controllers is set out below.

  • QBE Insurance (Europe) Limited
  • QBE Underwriting Limited
  • QBE Re (Europe) Limited
  • QBE European Operations Plc
  • QBE Management Services (UK) Limited
  • QBE Management (Ireland) Limited
  • QBE Underwriting Services (Ireland) Limited
  • QBE Underwriting Services (UK) Limited
  • QBE European Services Limited
  • QBE Insurance Services (Regional) Limited
  • QBE New Caledonia - QBE Insurance (International) Pty Limited
  • QBE French Polynesia - QBE Insurance (International) Pty Limited

If you are unsure about who the data controller of your personal information is, you can also contact us at any time by e-mailing us at dpo@uk.qbe.com for Europe; info.fp@qbe.com for French Polynesia; and info.nc@qbe.com for New Caledonia.

 

Insurance involves the use and disclosure of your personal information by various insurance market participants such as intermediaries, insurers and reinsurers. The London Insurance Market Core Uses Information Notice sets out those core necessary personal information uses and disclosures. Our core uses and disclosures are consistent with the London Market Core Uses Information Notice. We recommend you review this notice (by clicking the link above).

Prospective policyholders or beneficiaries

If you apply for an insurance policy with us or where someone else (such as your employer) applies for an insurance policy which will benefit you, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name, address, date of birth and gender.
  • Contact information, including previous contact information, such as your telephone numbers and email addresses.
  • Financial information such as your bank details, payment details and information obtained as a result of our credit checks such as bankruptcy orders, individual voluntary arrangements or county court judgments.
  • Information about your relationship to the policyholder where you are the beneficiary.
  • Information relating to your identity such as your national insurance number, passport number, vehicle registration number or driving licence number.
  • Information about your job such as your job title, employment history and employment records (including information on your salary, benefits and earnings), education history and professional accreditations.
  • Information which we obtain as part of checking sanctions lists.
  • Additional information which is relevant to the insurance application such as previous insurance policies you have held and claims you have made. This will also include any information specific to the type of policy application. For example:
    • If you are applying for a property protection policy, we may collect and use information which relates to your property.
    • If a third party (such as your employer) is applying for a professional liability policy which covers you, we may collect and use personal information which relates to previous disciplinary issues.
  • Information which we have gathered from publically available sources such as internet search engines like Google, Companies House, Government department websites and social media sites, including Facebook, YouTube and LinkedIn.
  • Information obtained through our use of cookies. You can find out more information about this in section 10.

What sensitive personal information will we collect?

  • Details about your criminal convictions and any related information. This will include information relating to any offences or alleged offences you have committed and any caution, court sentence or criminal sentence which you are or have been subject to, for example if you have applied for motor fleet cover, we will request to know about any motoring convictions your employees have.
  • Details about your physical and mental health which are relevant to the insurance application (e.g. if you take out or are covered by a personal accident and travel policy, we may need details of pre-existing medical conditions or, where you apply for a motor policy, we will ask about any medical conditions which cause you as the driver to have a restricted driving licence). This may take the form of medical reports or underlying medical data such as x-rays or blood tests.
  • Whilst we do not actively collect other sensitive personal information, there may be some circumstances where you disclose the following sensitive personal information when answering our questions , for example:
    • Details of your race or ethnicity, including your nationality where we collect your driving licence for the purposes of providing a quote for motor insurance cover; and
    • When we are providing a quote for motor insurance cover, we will ask for details about your occupation which may indicate your trade union membership, political opinions, religious or philosophical beliefs - for example if you require motor insurance because you are a Church Minister.

How will we collect your personal information?

We will collect information directly from you when:

  • you apply for a policy;
  • we are providing you with a quotation;
  • you use any of the QBE Group websites;
  • you contact us to make a complaint;
  • you contact us by email, telephone and through other written and verbal communications, including our online live chat facility via our e-trading platform; and
  • you request information about our products and services or subscribe to a newsletter or bulletin.

As well as obtaining information directly from you, we will collect information from:

  • the applicant (where you are a beneficiary or named under an insurance policy);
  • third parties involved in the insurance application process (such as our business partners and representatives, brokers or other insurers);
  • publically available sources such as internet search engines like Google, Companies House, Government department websites and social media sites, including Facebook, YouTube and LinkedIn.
  • fraud prevention and detection agencies;
  • other companies within the QBE Group; and
  • credit reference agencies.

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

  • We need to use your personal information to enter into or perform the insurance contract that we hold with you. For example, we need to use your personal information to provide you with a quote.
  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
  • We need to use your personal information for a justifiable purpose (e.g. to keep a record of the decisions we make when different types of applications are made, to keep business and accounting records, manage our business operations and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests.

When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":

  • We need to use your sensitive personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include evaluating your insurance application and managing claims.
  • We need to use sensitive personal information for the purposes of preventing and detecting unlawful acts and there is a substantial public interest in such use. Such purposes include when we are investigating potential or suspected insurance fraud.
  • We need to use your sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • You have provided your consent to our use of your sensitive personal information (e.g. in relation to your marketing preferences). In some circumstances, we may need your consent to process sensitive personal information. Without it, we may be unable to offer you an insurance policy. We will always explain why your consent is necessary.
Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information
To set you up as a policyholder including carrying out fraud, sanctions, credit and anti-money laundering checks.
  • It is necessary to enter into your insurance contract.
  • We have a relevant legal or regulatory obligation.
  • We have a justifiable purpose (to assess the insurance application).
  • Such use is necessary for insurance purposes.
  • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud or money laundering).
  • We need to establish, exercise or defend legal rights.
  • You have given us your explicit consent.
To evaluate your insurance application and provide a quote.
  • It is necessary to enter into or perform your insurance contract.
  • We have a relevant legal or regulatory obligation.
  • We have a justifiable purpose (to assess the insurance application and provide you with a quote).
  • Such use is necessary for insurance purposes.
  • You have given us your explicit consent.
Communicating with you and resolving any complaints that you might have.
  • It is necessary to enter into or perform your insurance contract.
  • We have a justifiable purpose (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately).
  • Such use is necessary for insurance purposes.
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent.
Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
  • We have a justifiable purpose (to develop and improve the products and services we offer).
  • You have given us your explicit consent.
Complying with our legal or regulatory obligations.
  • We have a relevant legal or regulatory obligation.
  • Such use is necessary for insurance purposes.
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice).
  • We have a relevant legal or regulatory obligation.
  • We have a justifiable purpose (to effectively manage our business operations).
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
Monitoring applications, reviewing, assessing, tailoring and improving our products and services and similar products and services offered by the QBE Group.
  • We have a justifiable purpose (to develop and improve the products and services offered by QBE or the QBE Group).
  • You have given us your explicit consent.
Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems.
  • We have a justifiable purpose (to ensure the integrity and security of our systems).
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
Transferring or selling part of our business or re-organising our company structure.
  • We have a justifiable purpose (to manage our business portfolio and re-organise our company).
  • We have a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

Who will we share your personal information with?

We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties:

  • Other QBE Group companies for our general administration purposes or for the prevention and detection of fraud.
  • Our insurance partners such as brokers, sub-brokers, coverholders, other insurers, reinsurers or other companies who act as insurance distributors.
  • Third parties who assist in the administration of your insurance application. These include surveyors, valuers and other experts.
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Third parties who provide sanctions checking services.
  • Insurance industry bodies (including the Employers’ Liability Tracing Office and the Motor Insurance Database).
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • Our regulators including the Financial Conduct Authority and the Prudential Regulation Authority.
  • The police, other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
  • Credit reference agencies.
  • Third party suppliers we appoint to help us carry out our everyday business activities such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers and tax advisers.
  • Third parties who undertake analysis for the purposes of product improvement.
  • Selected third parties in connection with any sale, transfer or disposal of our business.

Policyholder or beneficiary under an insurance policy

If you take out an insurance policy with us (e.g. a business interruption policy) or if you are listed as an applicant or beneficiary under a policy that someone else has with us (such as a named solicitor under a professional indemnity policy), this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name, address, date of birth and gender.
  • Contact information, including previous contact information, such as your telephone numbers and email addresses.
  • Financial information such as your bank details, payment details and information obtained as a result of our credit checks such as bankruptcy orders, individual voluntary arrangements or county court judgments.
  • Information about your relationship to the policyholder where you are the beneficiary and/or not the policyholder.
  • Identification relating to your identity such as your national insurance number, passport number, vehicle registration number or driving licence number.
  • Information about your job such as job title, employment history and employment records, (including information on your salary, benefits and earnings), education history and professional accreditations.
  • Information which we obtain as part of checking sanctions lists.
  • Information relevant to your insurance policy. This will depend on the nature of the policy but could include details relating to your property or business activities.
  • Information relevant to your claim or your involvement in the matter giving rise to a claim. For example, if you make a claim following a road traffic accident, we may use personal information relating to your vehicle and named drivers.
  • Information relating to your previous policies or claims.
  • Information which we obtain as part of checking sanctions lists.
  • Information which we have gathered from publically available sources such as internet search engines like Google, Companies House, Government department websites and social media sites, including Facebook, YouTube and LinkedIn.
  • Information obtained through our use of cookies. You can find out more information about this in section 10.
  • Surveillance footage which may also include CCTV footage, video recordings, photos and reports that have been obtained by our private investigators, The Cotswold Group and other third parties which we engage to assist us with looking into claims on our behalf in relation to suspected fraud.

What sensitive personal information will we collect?

  • Details about your criminal convictions and any related information. This will include information relating to any offences or alleged offences you have committed and any caution, court sentence or criminal sentence which you are or have been subject to.
  • Details about your physical and mental health which are relevant to your policy or claim (e.g. if you take out or are covered by a travel policy, we may need details of pre-existing medical conditions). This may take the form of medical reports or underlying medical data such as x-rays or blood tests.
  • We may also collect other sensitive personal information, for example:
    • Details of race or ethnicity, including your nationality, in limited circumstances, where relevant to your claim;
    • Your political opinions (where these have been made publically available), religious or philosophical beliefs (for example, where it is relevant to your medical treatment preferences are revealed by your job description) or trade union membership;
    • Genetic data, in limited circumstances, where relevant to your claim;
    • Biometric data, such as voice recordings to analyse potentially fraudulent claims; and
    • Data concerning your sex life or sexual orientation, in limited circumstances, where relevant to your claim, such as in a claim for occupational health services.

How will we collect your personal information?

We will collect information directly from you:

  • when you apply for or renew a policy;
  • when we are providing you with a quotation;
  • when you make a claim on your policy or via the administration of a claim, or we are notified of an incident relevant to a policy;
  • when you respond to a customer survey;
  • when you use any of the QBE websites;
  • when you contact us by email, telephone (including our telephone helpline) and through other written and verbal communications, including our online live chat facility via our e-trading platform;
  • when you request information about our products and services or subscribe to a newsletter or bulletin; and
  • when you make a complaint.

As well as obtaining information directly from you, we will collect information from:

  • The named policyholder where you are a beneficiary;
  • Third parties involved in your insurance policy or claim (such as our business partners and representatives, brokers, sub-brokers, other insurers, claimants, defendants, witnesses or other individuals who provide us with information in relation to an incident);
  • Other third parties who provide a service in relation to your insurance policy or claim such as loss adjusters, claims handlers, lawyers, experts (including medical experts and medical reports), healthcare and rehabilitation providers and other service providers;
  • Emergency assistance and medical services providers;
  • Claims services providers;
  • Publically available sources such as internet search engines like Google, Companies House, Government department websites and social media sites, including Facebook, YouTube and LinkedIn.
  • Other companies within the QBE Group;
  • Credit reference agencies;
  • Insurance industry and other fraud prevention and detection databases and sanctions screening tools such as the Insurance Fraud Bureau, Insurance Fraud Register, Syndicated Intelligence for Risk Avoidance ("SIRA"), Absolute, The Cotswold Group, Validus and HMT Sanctions;
  • Insurance industry databases such as the Employers’ Liability Tracing Office, the Motor Insurance Database, Motor Insurance Bureau, the Claims Underwriting Exchange (known as "CUE") and the Motor Insurance Anti-Fraud and Theft Register;
  • Our regulators including the Financial Conduct Authority and the Prudential Regulation Authority;
  • The police where they have provided us with information and other law enforcement agencies;
  • From government agencies such as the DVLA, HMRC, DWP National Crime Agency and the Bank of England Sanctions;
  • Professional regulators such as the General Medical Council, SRA, ABI; and
  • Selected third parties in connection with any sale, transfer or disposal of our business.

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

  • We need to use your personal information to enter into or perform the insurance contract that we hold with you. For example, we need to use your personal information to provide you with your insurance policy and other associated products (e.g. legal expenses cover). We will rely on this for activities such as handling and paying your insurance claims and preventing and detecting fraud.
  • We need to use sensitive personal information for the purposes of preventing and detecting unlawful acts and there is a substantial public interest in such use. Such purposes include when we are investigating potential or suspected insurance fraud.
  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
  • We need to use your personal information for a justifiable purpose (e.g. to properly investigate incidents which are the subject of a claim, to keep business and accounting records, manage our business operations and to develop and improve our products and services).

When using your personal information for these purposes, we will always consider your rights and interests. When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":

  • We need to use your sensitive personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include handling and paying insurance claims.
  • We need to use such sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • You have provided your consent to our use of your sensitive personal information (e.g. in relation to your marketing preferences). In some circumstances, we may need your consent to process sensitive personal information (e.g. health information). Without it, we may be unable to provide your policy or handle claims. We will always explain why your consent is necessary.
Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information
To administer and manage the insurance policy.
  • It is necessary to enter into or perform your insurance contract.
  • We have a relevant legal or regulatory obligation.
  • We have a justifiable purpose (to properly manage the insurance policy).
  • Such use is necessary for insurance purposes.
  • You have given us your explicit consent.
Handling and paying insurance claims
  • It is necessary to enter into or perform your insurance contract.
  • We have a relevant legal or regulatory obligation.
  • We have a justifiable purpose (to assess and pay your claim and handle the claims process).
  • Such use is necessary for insurance purposes.
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
Prevention and detection of and investigating and prosecuting fraud and sanctions checking. This might include sharing your personal information with third parties such as the police, and other insurance and financial services providers and insurance industry databases.
  • It is necessary to enter into or perform your insurance contract.
  • We have a relevant legal or regulatory obligation.
  • We have a justifiable purpose (to prevent, detect and prosecute fraud and other financial crime).
  • Such use is necessary for insurance purposes.
  • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud or money laundering)
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent.
Complying with our legal or regulatory obligations.
  • We have a relevant legal or regulatory obligation.
  • Such use is necessary for insurance purposes.
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
Communicating with you and resolving any complaints that you might have.
  • It is necessary to enter into or perform your insurance contract.
  • We have a relevant legal or regulatory obligation.
  • We have a justifiable purpose (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately).
  • Such use is necessary for insurance purposes.
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent.
Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
  • We have a justifiable purpose (to develop and improve the products and services we offer).
  • You have given us your explicit consent.
Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice).
  • We have a justifiable purpose (to effectively manage our business operations).
  • We have a relevant legal or regulatory obligation.
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
Monitoring applications, reviewing, assessing, tailoring and improving our products and services and similar products and services offered by the QBE Group.
  • We have a justifiable purpose (to develop and improve the products and services offered by QBE or the QBE Group).
  • You have given us your explicit consent.
 Tracing and recovering debt.
  • We have a justifiable purpose (to trace and recover debt that is owed to us).
  • We need to use your information in order to establish, exercise or defend legal rights.
Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems)
  • We have a justifiable purpose (to ensure the integrity and security of our systems).
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
To apply for and claim on our own insurance.
  • We have a justifiable purpose (to ensure that we have appropriate insurance in place).
  • Such use is necessary for insurance purposes.
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent.
Transferring or selling part of our business or re-organising our company structure.
  • We have a justifiable purpose (to manage our business portfolio and re-organise our company).
  • We have a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

Who will we share your personal information with?

  • Other QBE Group companies for our general administration purposes, marketing purposes in accordance with the preferences you have expressed or for the prevention and detection of fraud.
  • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
  • Third parties who assist in the administration of insurance policies or the handling of claims. These include loss adjusters, claims handlers, private investigators, accountants, auditors, banks, lawyers and other experts including medical experts.
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Third parties who provide sanctions checking services.
  • Insurance industry bodies (including the Employers’ Liability Tracing Office and the Motor Insurance Database).
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • Investigative firms and third parties, such as The Cotswold Group, who we ask to look into claims on our behalf in relation to suspected fraud.
  • Health providers (for example, a hospital which is responsible for any treatment you receive through the policy or a rehabilitation provider).
  • Our regulators including the Financial Conduct Authority and the Prudential Regulation Authority.
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
  • Debt collection agencies.
  • Credit reference agencies.
  • Our third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
  • Third parties who undertake analysis for the purposes of product improvement.
  • Selected third parties in connection with any sale, transfer or disposal of our business.
  • Government departments, such as Department for Work and Pensions ("DWP"), in connection with personal injury claims, including disclosing information on any hospitals that you have attended.
  • Policyholders, for the purposes of claims review meetings and discussing claims experiences.

Third party claimant and prospective claimants and third parties under commercial insurance policies

If you make a claim, or are intending to make a prospective claim, against a third party who has an insurance policy with us, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name, address, date of birth and gender.
  • Contact information, including previous contact information, such as your telephone numbers and email addresses.
  • Financial information such as your bank details, payment details and information obtained as a result of our credit checks such as bankruptcy orders, individual voluntary arrangements or county court judgments.
  • Information relating to your identity such as your national insurance number, passport number, vehicle registration number or driving licence number.
  • Information about your job such as job title, employment history and employment records (including information on your salary, benefits and earnings), education history and professional accreditations.
  • Information relating to previous insurance policies you have held and claims you have made.
  • Information relevant to your claim or your involvement in the matter giving rise to a claim. For example, if you make a claim following a road traffic accident, we may use personal information relating to your vehicle and named drivers.
  • Information relating to your previous claims.
  • Information which we obtain as part of checking sanctions lists.
  • Information we have obtained from insurance industry databases such as the Employers’ Liability Tracing Office, the Motor Insurance Database, Motor Insurance Bureau, the Claims Underwriting Exchange (known as "CUE") and the Motor Insurance Anti-Fraud and Theft Register;
  • Information which we have gathered from publically available sources such as internet search engines like Google, Companies House, Government department websites and social media sites, including Facebook, YouTube and LinkedIn.
  • Surveillance footage which may also include CCTV footage, video recordings, photos and reports that have been obtained by our private investigators, The Cotswold Group and other third parties which we engage to assist us with looking into claims on our behalf in relation to suspected fraud.

What sensitive personal information will we collect?

  • Details about your criminal convictions and any related information. This will include information relating to any offences or alleged offences you have committed and any caution, court sentence, or criminal sentence which you are or have been subject to.
  • Details about your physical and mental health which are relevant to your claim (e.g. because you have been injured whilst at a property insured by us). This may take the form of medical reports or underlying medical data such as x-rays or blood tests.
  • We may also collect other sensitive personal information, in limited circumstances, where relevant to your claim, for example:
    • Details of your race or ethnicity, including your nationality;
    • Your political opinions, religious or philosophical beliefs or trade union membership;
    • Genetic data;
    • Biometric data, such as voice recordings to analyse potentially fraudulent claims; and
    • Data concerning your sex life or sexual orientation, such as in a claim for occupational health services.

How will we collect your personal information?

As well as obtaining information directly from you, we may collect information from:

  • The party who holds a policy with us.
  • Third parties involved in the insurance policy or claim (such as our business partners and representatives, brokers, sub-brokers, other insurers, claimants, defendants, witnesses or other individuals who provide us with information in relation to an incident to an incident).
  • Other third parties who provide a service in relation to your claim such as loss adjusters, claims handlers, solicitors and professional experts (including medical experts), healthcare and rehabilitation providers and other service providers.
  • Emergency assistance and medical services providers.
  • Claims services providers.
  • Publically available sources such as internet search engines like Google, Companies House, Government department websites and social media sites, including Facebook, YouTube and LinkedIn.
  • Other companies within the QBE Group.
  • Insurance industry and other fraud prevention and detection databases and sanctions screening tools such as the Insurance Fraud Bureau, Insurance Fraud Register, Syndicated Intelligence for Risk Avoidance ("SIRA"), Absolute, The Cotswold Group, Validus, HMT Sanctions and contracted vendor data wash tools.
  • Insurance industry databases such as the Employers' Liability Tracing Office, the Motor Insurance Database, Motor Insurance Bureau and the Claims Underwriting Exchange (known as "CUE").
  • The police where they have provided us with information and other law enforcement agencies.
  • Government agencies such as the DVLA, HMRC, DWP, National Crime Agency and the Bank of England Sanctions.
  • Professional regulators such as the General Medical Council, SRA and ABI.

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
  • We need to use your personal information for a justifiable purpose (e.g. to properly investigate incidents which are the subject of a claim, to keep business and accounting records, manage our business operations and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests.

When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":

  • We need to use your sensitive personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include handling and paying claims.
  • We need to use sensitive personal information for the purposes of preventing and detecting unlawful acts and there is a substantial public interest in such use. Such purposes include when we are investigating potential or suspected insurance fraud.
  • We need to use such sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or we are considering the claim that has been made against our policyholder.
  • You have provided your consent to our use of your personal information. In some circumstances, we may need your consent to process sensitive personal information (e.g. health information). Without it, we may be unable to handle your claims. We will always explain why your consent is necessary.
Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information
Handling and paying claims.
  • We have a justifiable purpose (to assess and pay your claim and handle the claims process).
  • We need to use your information in order to comply with our legal obligations.
  • Such use is necessary for insurance purposes.
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent.
Prevention and detection of and investigating and prosecuting fraud and sanctions checking.  This might include sharing your personal information with third parties such as the police, and other insurance and financial services providers and insurance industry databases.
  • We have a justifiable purpose (to prevent, detect and prosecute fraud and other financial crime).
  • We have a relevant legal or regulatory obligation.
  • Such use is necessary for insurance purposes.
  • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud or money laundering).
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent.  
Complying with our legal or regulatory obligations.
  • We have a relevant legal or regulatory obligation.
  • Such use is necessary for insurance purposes.
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
Communicating with you and resolving any complaints that you might have.
  • We have a relevant legal or regulatory obligation.
  • We have a justifiable purpose (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately).
  • Such use is necessary for insurance purposes.
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent.
Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
  • We have a justifiable purpose (to develop and improve the products and services we offer).
  • You have given us your explicit consent.
Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice). For business processes and activities including analysis, review, planning and business transaction.
  • We have a justifiable purpose (to effectively manage our business operations).
  • We have a relevant legal or regulatory obligation.
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
Tracing and recovering debt.
  • We have a justifiable purpose (to trace and recover debt that it is owed to us)
  • We need to use your information in order to establish, exercise or defend legal rights.
To apply for and claim on our own insurance.
  • We have a justifiable purpose (to ensure that we have appropriate insurance in place).
  • Such use is necessary for insurance purposes.
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent.
Investigating or detecting the unauthorised use of our systems, to secure our systems and to ensure the effective operation of our systems).
  • We have a justifiable purpose (to ensure the integrity and security of our systems).
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
Transferring or selling part of our business or re-organising our company structure.
  • We have a justifiable purpose (to manage our business portfolio and re-organise our company).
  • We have a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

Who will we share your personal information with?

We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties.

  • Other QBE Group companies for our general administration purposes, marketing purposes in accordance with the preferences you have expressed or for the prevention and detection of fraud.
  • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
  • Third parties who assist in the administration of your claim such as loss adjusters, claims handlers, private investigators, accountants, auditors, banks, lawyers and other experts including medical experts.
  • Other insurers (e.g. where another insurer is also involved in a claim that you are making).
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Third parties who provide sanctions checking services.
  • Insurance industry bodies (including the Employers’ Liability Tracing Office).
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • Investigative firms we ask to look into claims on our behalf in relation to suspected fraud.
  • Health providers (for example, a hospital which is responsible for any treatment you receive through the policy or a rehabilitation provider).
  • Our regulators including the Financial Conduct Authority and the Prudential Regulation Authority.
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
  • Our third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
  • Selected third parties in connection with any sale, transfer or disposal of our business.
  • Government departments, such as DWP, in connection with personal injury claims, including disclosing information on any hospitals that you have attended.

Witnesses to an incident or other individuals who provide us with information in relation to an incident

If you are a witness to an incident or an individual who otherwise provides us with information in relation to an incident which is the subject of a claim, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name, address, date of birth and gender.
  • Contact information, including previous contact information, such as your telephone numbers and email addresses.
  • Information relevant to the incident that you have witnessed.
  • Information which we have gathered from publically available sources such as internet search engines like Google, Companies House, Government department websites and social media sites, including Facebook, YouTube and LinkedIn.

What sensitive personal information will we collect?

We do not routinely process sensitive personal information of witnesses. However, we may do so if it is relevant to the incident that you have witnessed (for example, if you have a health condition which may affect your witness statement).

How will we collect your information?

As well as obtaining information directly from you, we will collect information from:

  • Third parties involved in the incident you witnessed (such as brokers, sub-brokers, other insurers, claimants, defendants, other witnesses or other individuals who provide us with information in relation to an incident).
  • Other third parties who provide a service in relation to the claim which relates to the incident you witnessed such as loss adjusters, claims handlers, and experts (including medical experts), healthcare and rehabilitation providers and other service providers.
  • Publically available sources such as internet search engines like Google, Companies House, Government department websites and social media sites, including Facebook, YouTube and LinkedIn.
  • Other companies within the QBE Group.

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
  • We need to use your personal information for a justifiable purpose (e.g. to properly investigate incidents which are the subject of a claim, to keep business and accounting records, managing our business operations and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests.

When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":

  • We need to use your sensitive personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include managing claims and preventing and detecting fraud.
  • We need to use such sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
  • You have provided your consent to our use of your sensitive personal information.
Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information
Handling and paying claims.
  • We have a justifiable purpose (to assess and pay claims and handle the claims process).
  • We have a relevant legal or regulatory obligation.
  • Such use is necessary for insurance purposes.
  • We need to use your information in order to establish, exercise or defend legal rights
  • You have given us your explicit consent.
Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice). For business processes and activities including analysis, review, planning and business transactions.
  • We have a justifiable purpose (to effectively manage our business operations).
  • We have a relevant legal or regulatory obligation.
  • You have given us your explicit consent.
Complying with our legal or regulatory obligations.
  • We have a relevant legal or regulatory obligation.
  • Such use is necessary for insurance purposes.
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights.
Prevention and detection of and investigating and fraud. This might include sharing your personal information with third parties such as the police, and other insurance and financial services providers and insurance industry databases.
  • We have a justifiable purpose (to prevent and detect fraud and other financial crime).
  • We have a relevant legal or regulatory obligation.
  • Such use is necessary for insurance purposes.
  • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud or money laundering).
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent.
Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
  • We have a justifiable purpose (to develop and improve the products and services we offer).
  • You have given us your explicit consent.
Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems).
  • We have a justifiable purpose (to ensure the integrity and security of our systems).
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent
Transferring or selling part of our business or re-organising our company structure.
  • We have a justifiable purpose (to manage our business portfolio and re-organise our company).
  • We have a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties:

  • Other QBE Group companies for our general administration purposes or for the prevention and detection of fraud.
  • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
  • Third parties who assist in the administration of the insurance policy or claim. These include loss adjusters, claims handlers, private investigators, accountants, auditors, banks, lawyers and other experts including medical experts.
  • Other insurers (e.g. where another insurer is also involved in the claim which relates to the incident you witnessed).
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • Investigative firms we ask to look into claims on our behalf in relation to suspected fraud.
  • Our regulators including the Financial Conduct Authority and the Prudential Regulation Authority.
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
  • Our third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
  • Selected third parties in connection with any sale, transfer or disposal of our business.

Brokers, sub-brokers appointed representatives and other business partners, such as lawyers and claims handlers

If you are a broker or sub-broker doing business with us, an appointed representative or other business partner such as a lawyer or claims handler, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name, address, date of birth and gender.
  • Contact information, including previous contact information, such as your telephone numbers and email addresses.
  • Information relating to your identity such as national insurance number, passport number, vehicle registration number or driving licence number.
  • Information about your job such as job title and previous roles
  • .
  • Information which we obtain as part of checking sanctions lists.
  • Information which we have gathered from publically available sources such as internet search engines like Google, Companies House, Government department websites and social media sites, including Facebook, YouTube and LinkedIn.

What sensitive personal information will we collect?

  • Information relating to your criminal convictions (including offences and alleged offences and any court sentence or unspent criminal convictions).

How will we collect your information?

As well as obtaining information directly from you, we will collect information from:

  • Other QBE Group companies.
  • Publically available sources such as internet search engines like Google, Companies House, Government department websites and social media sites, including Facebook, YouTube and LinkedIn.
  • From service providers who carry out sanctions checks.

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

  • We need to use your personal information to enter into or perform the contract that we hold with you. For example, we may need certain information in order to operate our business partnership arrangement.
  • We have a legal or regulatory obligation to use such personal information. For example, we may be required to carry out certain background checks.
  • We need to use your personal information for a justifiable purpose (e.g. to keep business and accounting records, manage our business operations and to improve quality, training and security). When using your personal information for these purposes, we will always consider your rights and interests.

When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":

  • We need to use your sensitive personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include communicating with you to manage and handle your queries.
  • We need to use your sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
  • You have provided your consent to our use of your sensitive personal information.

Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information
Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice).For business processes and activities including analysis, review, planning and business transaction.
  • We have a justifiable purpose (to effectively manage our business operations).
  • We have a relevant legal or regulatory obligation.
  • You have given us your explicit consent.
  • We need to use your information in order to establish, exercise or defend legal rights
To provide key business services such as policy and claims administration
  • We have a justifiable purpose (to effectively provide insurance services and rely on the expertise of other third parties to assist)
  • Not applicable.
To build and maintain our business relationships
  • We have a justifiable purpose (to build strong business relationships and manage such relationships).
  • Not applicable.
To communicate with you and provide you with marketing communications.
  • We have a justifiable purpose (to operate and develop our business).
  • Not applicable.
Complying with our legal or regulatory obligations.
  • We need to use your information in order to comply with our legal obligations.
  • You have given us your explicit consent.
  • Such use is necessary for insurance purposes.
  • We need to use your information in order to establish, exercise or defend legal rights.
Providing improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
  • We have a justifiable purpose (to develop and improve the products and services we offer).
  • Not applicable.
Communicating with you to manage and handle your queries.
  • We have a justifiable purpose (to send you communications to effectively manage our business and respond to your queries).
  • It is necessary to enter into or perform our contract with you.
  • Not applicable.
Investigating or detecting the unauthorised use of our systems, to secure our systems and to ensure the effective operation of our systems).
  • We have a justifiable purpose (to ensure the integrity and security of our systems).
  • We need to use your information in order to establish, exercise or defend legal rights.
  • You have given us your explicit consent
Transferring or selling part of our business or re-organising our company structure.
  • We have a justifiable purpose (to manage our business portfolio and re-organise our company).
  • We have a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

Who will we share your personal information with?

We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties:

  • Our policyholders and other third parties such as claimants where relevant.
  • Other QBE Group companies for our general administration purposes, marketing purposes in accordance with the preferences you have expressed or for the prevention and detection of fraud.
  • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
  • Third parties who assist in the administration of the insurance policy or claim. These include loss adjusters, claims handlers, private investigators, accountants, auditors, banks, lawyers and other experts including medical experts.
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Third parties who provide sanctions checking services.
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • Our regulators including the Financial Conduct Authority and the Prudential Regulation Authority.
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
  • Our third party service providers such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
  • Selected third parties in connection with any sale, transfer or disposal of our business.

Users of the QBE websites

If you are a user of the QBE websites, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • General information submitted via the website, for example where you provide your details via the contact us section such as your name, contact details (telephone numbers and email addresses) and company name.
  • Information submitted through the claim reporting tool for motor incidents including names of drivers, injured persons, witnesses, Police and insurer details, dates of birth and contact details including address, phone number and email address
  • Information obtained through our use of cookies. You can find more information about this in section 10.

What sensitive personal information will we collect?

Information submitted through the claim reporting tool for motor incidents including:

  • Details about criminal convictions and any related information. This will include information relating to any offences or alleged offences committed and any caution, court sentence, or criminal sentence which you or your drivers are or have been subject to.
  • Details about known medical conditions
  • Details of any injuries which have been suffered by a beneficiary or a third party.

How will we collect your personal information?

We will collect your information directly from our website.

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

  • We need to use your personal information for a justifiable purpose (e.g. to monitor the number of visitors and usage of our website, to follow up on enquiries and to provide marketing information to you). When using your personal information for these purposes, we will always consider your rights and interests.

Who will we share your personal information with?

We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with our QBE Group companies.

Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information
To follow up on enquiries you make.
  • We have a justifiable purpose (to respond to your queries).
  • You have given us your explicit consent.
  • Such use is necessary for insurance purposes.
To provide marketing information to you (including information about other products and services and undertaking customer surveys) in accordance with preferences you have expressed.
  • We have a justifiable purpose (to send you selected communications about other products and services we offer)
  • • You have given us your explicit consent.

We only send marketing communications to our business contacts such as brokers, sub-brokers, appointed representatives and other business partners. We will send marketing communications via post, email, telephone and social media.

You can opt-out of marketing communications at any time by contacting us using the details set out in section 11 below.

We will keep your personal information for as long as reasonably necessary to fulfil the purposes set out in section 3 above and to comply with our legal and regulatory obligations.

We have a detailed retention policy in place which governs how long we will hold different types of information for. The exact time period will depend on your relationship with us and the type of personal information we hold, for example:

  • If you take out a policy with us but do not make a claim, we will keep your personal information for 7 years from the expiry of your policy.
  • If you make a claim under a policy we provide, we will keep your personal information for 7 years from the date on which the claim is settled.
  • If we have a business relationship with you, we will retain your details for the lifetime of such relationship and for 7 years after.

If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 11.

Sometimes we (or third parties acting on our behalf) will transfer personal information that we collect about you to countries outside of the European Economic Area ("EEA").

Where a transfer occurs we will take steps to ensure that your personal information is protected. We will do this using a number of different methods including:

  • putting in place appropriate contracts. We will use a set of contract wording known as the "Standard Contractual Clauses" which has been approved by the data protection authorities. You can find out more about the Standard Contractual Clauses here.
  • transferring personal information only to countries which have been deemed by European data protection authorities to have adequate levels of data protection. You can find out more about this here.
  • transferring personal information only to those companies in the United States which are certified under the "Privacy Shield". The Privacy Shield is a scheme under which companies certify that they provide an adequate level of data protection. You can find out more about the Privacy Shield here.

Depending on our relationship and your particular circumstances, we might transfer personal information anywhere in the world. A summary of our regular data transfers outside the EEA is set out below:

If you would like further information regarding our data transfers and the steps we take to safeguard your personal information, please contact us using the details set out in section 11.

Country of transfer Reason for the transfer Method we use to protect your information
Australia Reporting to our parent company Standard Contractual Clauses
Australia Reporting to our parent company Standard Contractual Clauses
Philippines Some of our back-office functions are provided by our Group Shared Services Centre in the Philippines. Standard Contractual Clauses
USA Our email system is provided through a hosted service with servers located in the USA. Standard Contractual Clauses
India Some of our third party IT and technology suppliers provide some of their services from India. Standard Contractual Clauses

We have a package of technical and organisational measures in place to protect your personal information which have been adopted to comply with the latest data protection requirements. The measures cover various aspects of data security including the following: 

  • Encryption, data masking and activity logging as appropriate
  • Putting in place access controls and maintaining access logs
  • Having minimum password requirements and requiring regular changes to passwords
  • Having physical access controls to our offices
  • Implementing procedures for security incident management and back-up and recovery and having in place disaster recovery and business continuity plans
  • Use of firewalls and up-to-date virus scanning software and email filtering services
  • Providing regular security and privacy/data protection training for all our employees

Our security measures are kept under periodic review and are regularly updated to reflect developments in technology and security and changes to our business. However, please be aware that there are inherent security risks in transmitting data, such as e-mails or via the Internet, because it is impossible to safeguard completely against unauthorised access by third parties.

What is profiling?

Profiling is any form of automated processing of personal information to evaluate certain personal aspects. Insurance underwriting, and sometimes claims payment, is based on profiling as it assesses the event that you are seeking to insure and the likelihood of that event occurring.

We use profiling as part of:

  • Assessing insurance applications. For example, when we are considering whether or not to offer a motor policy, we will consider the likelihood of an accident occurring (e.g. using your claims history) and the likely cost of replacing your vehicle (e.g. using our wider experience of dealing with other claims). We will compare this information against industry averages and our previous experience. We will use the outcome of that profiling to decide whether or not to offer insurance and the premium price.
  • Assessing and administering claims.  We use systems as part of our claims process to inform the questions we ask of you and to help us decide on an appropriate settlement figure. For example, if you are making a claim for injury, we will use information relating to your injury, treatment and prognosis to generate a valuation band for your injuries.
  • Preventing and detecting insurance fraud. We use systems to help us recognise likely indications of insurance fraud. This might result in a claim being passed to our fraud team for further investigation.

We keep our profiling process under regular review and, in most cases, an individual will then make a decision based on the outcome of that profiling.  

What is automated decision making?

Automated decision making refers to a situation where a decision is taken using personal information that is processed solely by automatic means (i.e. using an algorithm or other computer software) rather than a decision that is made with some form of human involvement.

Automated decision making is widely used in the insurance industry to offer and administer insurance efficiently and accurately. Where an automated decision produces a legal or other similarly significant effect concerning you (for example, where your policy or claim is rejected), we will only carry out automated decision making:

  • using your personal information where it is necessary for the purposes of entering into or performing a contract with you (e.g. to assess your insurance application);
  • using your sensitive personal information where it is necessary for an insurance purpose (such as administering your claim or detecting insurance fraud).

In all other cases, we will ask for your consent in advance.

We currently use automated decision in our SME motor business. We use an electronic-trading system called Acturis to help us assess the risk and calculate what premium we charge. We have certain pricing rules which are fed into the system.  For example whether you have had a claim in the last 5 years will affect the price as will the amount you wish us to cover. Using these rules, the system automatically decides whether to accept, decline or refer your application to an underwriter for further consideration.

Please see section 9 for the rights that arise when we carry out automated decision making.

Under data protection law you have a number of rights in relation to the personal information that we hold about you which we set out below. These rights might not apply in every circumstance. You can exercise your rights by contacting us at any time using the details set out in section 11. We will not usually charge you in relation to a request.

Please note that although we take your rights seriously, there may be some circumstances where we cannot comply with your request such as where complying with it would mean that we couldn't comply with our own legal or regulatory obligations. In these instances we will let you know why we cannot comply with your request.

In some circumstances, complying with your request may result in your insurance policy being cancelled or your claim being discontinued. For example, if you request erasure of your personal information, we would not have the information required to pay your claim. We will inform you of this at the time you make a request.

The right to access your personal information

You are entitled to a copy of the personal information we hold about you and certain details about how we use it.

We will usually provide your personal information to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal information will be provided to you by electronic means where possible.

The right to rectification

We always take care to ensure that the information we hold about you is accurate and where necessary up to date. If you believe that there are any inaccuracies, discrepancies or gaps in the information we hold about you, you can contact us and ask us to update or amend it.

The right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.

The right to withdraw your consent

Where we rely on your consent in order to process your personal information, you have the right to withdraw such consent to further use of your personal information.

Please note that for some purposes, we need your consent in order to provide your policy or handle your claim. If you withdraw your consent, we may need to cancel your policy or we may be unable to pay your claim. We will advise you of this at the point you seek to withdraw your consent.

The right to erasure

This is sometimes known as the 'right to be forgotten'. It entitles you, in certain circumstances, to request deletion of your personal information. For example, where we no longer need your personal information for the original purpose we collected it for or where you have exercised your right to withdrawn consent.

Whilst we will assess every request, there are other factors that will need to be taken into consideration. For example we may be unable to erase your information as you have requested because we have a legal or regulatory obligation to keep it.

The right to object

In certain cases, you have the right to object to our processing. This arises in relation to:

Marketing: You have control over the extent to which we market to you and you have the right to request that we stop sending you marketing messages at any time. You can do this either by clicking on the "unsubscribe" button in any email that we send to you or by clicking the link in section 11. Please note that even if you exercise this right because you do not want to receive marketing messages, we may still send you service related communications where necessary.

Processing based on our justifiable purpose: Where we process your personal information on the basis of a justifiable purpose, you can object to such processing, unless our purpose outweighs any prejudice to your privacy rights.

The right to data portability

In certain circumstances, you can request that we transfer personal information that you have provided to us directly to a third party.

Rights relating to automated decision-making

Where an automated decision produces a legal or other similarly significant effect concerning you (for example, where your policy or claim is rejected), you have the right to ask us to reconsider a decision taken by automated means or to take a new decision on a different basis (e.g. by introducing some form of human involvement).

The right to make a complaint to the ICO

You have a right to complain to the Information Commissioner's Office (ICO) if you believe that we have breached data protection laws when using your personal information. You can visit the ICO's website at https://ico.org.uk/ for more information. Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

Cookies are small text files that are placed on your computer when you visit certain webpages. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

The following cookies are used on the Site:

Site/domain Set by Cookie Name Purpose
         
qbeeurope.com QBE European Operations Session cookieconsent_dismissed
These cookies are used to remember a users preference as they navigate around the Site. These preferences include functionality such as consenting to cookies and remembering passwords across multi page forms. Information collected is in an anonymous form.
sitewidealert_dismissed  
ASP.NET_seesionId 
qbeeurope.com Google Goole Analytics _ga
These cookies are used to collect information about how visitors interact with the Site. This data is gathered and used for reports and analysis to help us improve the Site. Information collected is in an anonymous form.
More information
 _gat
vimeo.com Vimeo Video analytics player

We use Vimeo to host videos that are embedded in the Site. These cookies are used by Vimeo to collect analytics tracking information.
More information
vuid 
player.vimeo.com Google _utma player

These third party cookies are used by Google Analytics to collect information about how visitors interact with Vimeo
vuid 
qbeeurope.com QBE European Operations Session


 
 
 
 
Google Analytics for video usage 








cookieconsent_dismissed 
These cookies are used to remember a users preference as they navigate around the Site. These preferences include functionality such as consenting to cookies and remembering passwords across multi page forms. Information collected is in an anonymous forms. These third party cookies are used by Google Analytics to collect information about how visitors interact with Vimeo embedded videos on the Site. Vimeo then use this information to improve their offering. Information collected is in anonymous form.
More information
sitewidealert_dismissed  
 ASP.NET_sessionID
_utmc  
_utmz  
_utmt_player  
youtube.com YouTube Video analytics and advertising visitor_info1_live We use YouTube to host videos that are embedded onto the Site. The cookies are only used when a video is shared and is used to check available bandwidth.
More information
qbeeurope.com QBE European Operations Session cookieconsent_dismissed




These preferences include functionality such as consenting to cookies and remembering passwords across multi page forms. Information collected is in an anonymous form.
This cookie is used by YouTube and aims to limit repeat advertising and deliver more relevant advertising to you. Information collected is in an anonymous form.
More information
sitewidealert_dismissed 
ASP.NET_sessionID 
ysc 
pref 
.doubleclick.net Double Click by Google Advertising dsid
id
We use Google to help us market our products and services. These cookies help us to measure the effectiveness of these online marketing campaigns. Information collected is in anonymous form.
More information
qbeeurope.com QBE European Operations Session cookieconsent_dismissed



These cookies are used to remember a users preference as they navigate around the Site. These preferences include functionality such as consenting to cookies and remembering passwords across multi page forms. Information collected is in an anonymous form.
sitewidealert_dismissed 
ASP.NET_sessionID  
ide 
 

From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. We will provide you with the most up-to-date notice and you can check our website https://qbeeurope.com/privacy-policy/ periodically to view it.

This notice was last updated on 21st May 2018 and republished on 23 Nov 2018.