Data Protection Privacy Statement – UK & Europe 

Data Protection Privacy Statement – UK & Europe 

At Compre we take our data protection obligations very seriously and the security around that data is very important to us. As we carry on our business, the Compre Group UK & European entities, comprising of Bothnia International Insurance Company Limited, Compre Services (UK) Limited, Compre Services (UK) Limited (Malta) Branch, London & Leith SE, Compre Services (Finland) Oy, Compre Services (Germany) GmbH and Compre Services (Switzerland) AG gather and use certain information about individuals as data controllers. Information can be from a range of sources and relate to claimants, policyholders, beneficiaries, reinsureds, third party service providers, suppliers, business contacts, potential business partners and targets, and other people with whom we have a business relationship. In the following, we would like to inform you about the processing of your personal data by Compre Group`s UK & European entities including how we collect and use your personal data, who we share your personal data with, as well your rights in this regard.

The processing of your Personal Data is regulated under different legislation in different locations. Depending on your jurisdiction, some or all of these provisions may apply to you. If you have any questions about what applies in your jurisdiction, please feel free to contact us using the contact details provided below.

Scope of Processing and information we collect

At Compre we may collect and use your personal data in our normal course of business for the following purposes:

For Policy administration and Claims processing:

  • Advising on, arranging, underwriting or administering an insurance or reinsurance contract;
  • Administering a claim under an insurance or reinsurance contract;

For Business Generation and M&A related activities:

  • Managing our business relationship(s) with client(s);
  • Potential acquisitions;
  • Integrating acquired business into our system;
  • Managing visitors to Compre premises;

For employment purposes:

  • Administering employment contracts;
  • Complying with employment laws;
  • Recruitment including assessment of job applicants;
  • Diversity and equal opportunities monitoring;

For Anti Money Laundering Purposes, Sanctions and Fraud Prevention:

  • Carrying out anti-money laundering and ‘know-your-customer’ checks, as well as sanctions screening, in order to comply with applicable laws and regulatory guidance;

For IT related matters including the management of our website:

  • Responding to requests for IT support; 
  • Undertaking analytics regarding the use of our website and/or services.

The categories of information we collect are:

  • General data – including your name, date of birth, address, email address, marital status, phone number, gender, car registration data, claims history, IP address, CCTV images etc;
  • Detailed information about your claim – including policyholder information, witnesses, related parties, experts appointed and third-party service providers; medical reports, disability information and past criminal convictions (these are known as “special categories” of data);
  • Fraud and sanctions related data – including information as a result of our investigations such as checks from publicly available sources;
  • Education and employment-related data – including your education, vocational and professional qualifications, employment status, job title and employment and educational history;
  • Financial data – including credit and payment card numbers, bank account details, payment information, tax information and details of income and assets.

How do we collect data

You may directly provide Compre with the data we collect or we may collect data and process data when you:

  • Use or view our website via your browser`s cookies;
  • Submit a CV for recruitment purposes;
  • Submit a complaint;
  • Request IT assistance;
  • Renew your insurance contract;
  • Attend our offices;
  • From business cards you provide to us;
  • Email or telephone us; or
  • Submit a claim.

Compre may also receive your data indirectly from a number of sources including other insurance and reinsurance companies, legal advisors, brokers, appointed representatives and other business partners.

Where you provide us with personal information of a third party, you should inform them that you are doing so, where possible.

Lawful Bases for Processing

We collect and use Personal Information in accordance with applicable data protection laws and regulations. By law, we must have a legal justification, known as a lawful basis, in order to use your Personal Information for the purposes described in this Privacy Statement. Depending upon the purpose, our lawful basis will be one of the following:

  • Performance of a contract – to arrange, underwrite or handle claims in accordance with their terms;
  • Compliance with a legal obligation – to meet responsibilities we have to our regulators, tax officials, law enforcement, or other legal responsibilities;
  • Legitimate interests – to operate and improve our products and services and keep people informed about our products and services or for any other purposes we identify as appropriate to our business needs, or those business needs of a third party;
  • Consent – where we have obtained appropriate consents to collect or use your Personal Information for a particular purpose.

Data Security

Within Compre we will make sure to use reasonable measures to protect the personal data. This will include a combination of physical and electronic security measures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned. Measures we take include placing confidentiality requirements on our staff members and Service Providers; destroying or permanently anonymising personal information if it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords please take appropriate measures to protect this information.

Who we share personal data with

For the purposes set above, we will sometimes share your personal data with Compre group companies and third parties including:

  • Other insurance and reinsurance companies;
  • Legal advisors and professional service firms who act on our or your behalf;
  • Experts appointed for the purpose of performing our obligations;
  • Brokers, appointed representatives and other business partners;
  • Compre employees;
  • Third party administrators;
  • Credit reference agencies;
  • Regulatory bodies and authorities;
  • Auditors’
  • Courts and counterparties;
  • I.T service providers;
  • Potential or actual third party purchasers of our business or assets; 
  • Service providers connected to our business.

We may share in aggregate, statistical form, non-personal information regarding the visitors to our website, traffic patterns, and website usage with our affiliates or advertisers. Cookies track devices as they navigate our website. Please see our cookie policy for further information (https://compre- group.com/cookies-policy/).

Data transfer to third-countries

In cases where we would need to transfer personal data outside of the EEA and UK (for example to other intra-group companies situated in Bermuda and the US) we will ensure that we take the necessary steps to protect your privacy rights and ensure that adequate safeguards are in place.

To do this we ensure that transfers of personal data within the Compre Group are covered by an intra-group agreement which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection.

Where we transfer data to third parties in jurisdictions outside of the EEA, we either ensure it is to a jurisdiction which has been deemed adequate by the European Commission or the UK Government or we obtain contractual commitments from them to protect your personal information to an equivalent level afforded under the GDPR.

If you want to contact us for more information about the safeguards we have put in place to ensure the adequate protection of your personal information, please contact us using the information provided at the end of this Privacy Notice.

Deletion of data

In line with our Data Protection Policy we will retain your data for no longer than necessary to fulfil the purpose for which it was collected. To support us in managing how long we hold your data and our record management, we maintain a Data Retention Policy which includes clear guidelines on data retention and deletion.

Your Rights

In accordance with the General Data Protection Regulation, you have the following rights:

The Right of Access

You have a right to be provided with a copy of your personal data that we are processing. This is known as a subject access request.

The Right to Rectification

If you believe that your personal data is inaccurate or incomplete then you have a right to have you personal data rectified.

The Right to Erasure

In certain circumstances you have a right to request the deletion or removal of personal data where there is no reason for its continued processing.

The Right to Restrict Processing

In certain circumstances you have the right to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing the data.

The Right to Data Portability

In certain circumstances you have a right to obtain and re-use your personal data by asking us to transfer your personal data that you have provided to another third party of your choice.

The Right to Object

In certain circumstances you may have the right to object if the personal data is being processed for direct marketing purposes.

The Right to Withdraw Consent

You have the right to withdraw consent to the processing of your personal data (where this is the basis upon which we are processing your personal data). Withdrawing your consent won’t affect the lawfulness of the processing we have undertaken before you withdraw your consent.

For security purposes, when exercising one of these rights, we may ask you for additional information to confirm your identity before disclosing the personal information requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us using the contact information displayed below. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.

Marketing

Compre will not use your personal data for marketing purposes.

Profiling and Automated Decision Making

Compre will not use your personal data for the purposes of automated decision making or profiling.

EU/UK Representatives

Bothnia International Insurance Company Limited has been appointed as our EU representative under the EU GDPR. Any questions or comments from EU individuals or supervisory authorities regarding the processing of personal data by any of the Compre entities located outside of the EU can be directed to juha.nora@compre-group.com.  
 
Compre Services (UK) Limited has been appointed as our UK representative under the UK GDPR. Any questions or comments from UK individuals or the ICO regarding the processing of personal data by any of the Compre entities located outside of the UK can be directed to  simon.hawkins@compre-group.com.

Updates

This Privacy Statement is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it’s as transparent as possible. Please regularly check these pages for the latest version of this Privacy Notice.

Queries or Complaints

If you have any questions about this Privacy Notice you can contact us on:

Damian Everest
Head of Group Risk & Compliance
Compre Services (UK) Ltd – Malta Branch

Trident Park, Notabile Gardens
No.7, Level 3
Mdina Road, Zone 2
Central Business District
BirkirkaraMalta, CBD2010

Email: damian.everest@compre-group.com
Telephone: +356 2166 9040

If you are not satisfied with our response or believe that we are not handling your personal data in accordance with the law you can complain to the following bodies:

Europe:
Office of the Data Protection Ombudsman
P.O. Box 800
00531 Helsinki
Finlande

Telephone: +358 (0)29 566 6700

U.K
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
Royaume-Uni
SK9 5AF

Telephone: +44 0303 123 1113