At Travelers Europe we routinely collect and use personal data including data of prospective insureds, insured persons, claimants, beneficiaries, other persons involved in an insurance claim or business partners (“you”). We are committed to protecting your personal data and we fully understand our obligations under data protection legislation.
This policy sets out the following:
In this policy we, us and our refers to Travelers Europe which comprises certain companies based in Europe which are part of The Travelers Companies, Inc. group of companies. These companies include Travelers Management Limited, Travelers Insurance Company Limited, Travelers Syndicate Management Limited, Travelers Underwriting Agency Limited and Travelers London Limited.
If you have purchased insurance through an intermediary and then if we insure you, we will be a data controller for the purposes of the insurance. You can find out the identity of who else might be processing your data in the following ways:
- Where you purchase insurance via an insurance broker the broker you used will have given you their name and contact details. You should contact them directly for more information about how they handle your personal data and who they have passed it to.
- Where your employer or a third party purchased insurance for your benefit, your employer or that third party may also be a data controller. You should contact your employer or the third party who should provide you with details of which Travelers company has insured you.
Where you purchased insurance directly from us online or over the telephone the Travelers company which collected the information from you will be the data controller. If you have an insurance policy with us, the data controller will be the Travelers company named on your insurance policy. If your cover includes an insurance policy underwritten by another insurer, we will still be the data controller for the sale of the insurance and the other insurer will also be a data controller in respect of the insurance policy.
Where you are not a policyholder or an insured, for example an employee, prospective employee, claimant, a witness, a business partner or an individual whom we may have contacted about our products or services, we will be a data controller in respect of your personal data.
If you have any questions then please contact our Data Protection Officer at DPOEurope@travelers.com.
In order to provide insurance quotes, issue insurance policies, administer insurance policies and/or deal with claims or complaints, we need to collect and process personal data about you. We collect a variety of information depending on the nature of the risk and the claim. We may also need to collect special categories of personal data from you, for example health information.
If you are one of our business partners then we will collect your contact details and we may collect information on your expertise.
We also collect and process your personal information when you visit our locations, speak to us on the phone, when you email us and visit our website which may include filling in forms, searching for a product, entering a competition, completing promotions or surveys, reporting problems with our website or using any of our other websites or services (including live chat services).
We will automatically collect personal data via cookies each time you visit our website (www.travelers.co.uk). The types of personal data that we may collect and process include:
Insureds and Prospective Insureds
|Contact Details||Name, address, telephone number and email address|
|Identification Details||Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number and driving licence number|
|Risk Details||Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you|
|Policy Information||Information about the quotes you receive and insurance policies we have issued to you|
|Financial Information||Bank account or payment card details (where you are paying us for the insurance), income or other financial information|
|Credit and Anti-Fraud Data||Credit history, credit score, sanctions matches and criminal offences, and information received from various anti-fraud databases relating to you|
|Previous and Current Claims||Information about previous and current claims, (including other unrelated insurances),which may include data relating to your health, criminal convictions, or other special categories of personal data and in some cases, surveillance reports|
|Special Categories of Personal Data||Certain categories of personal data which have additional protection under the data protection laws. The categories are health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation|
|Marketing Information||Name, email address, telephone number, interests, record of marketing permission or objections, website data (including online account details, IP address and browser generated information)|
|Contact Details||We will need to collect your name, address, telephone number and email address|
|Policy Information||Policy number, and if you are not the policyholder details of your relationship to the policyholder, details of the policy including amount insured, exceptions and previous claims|
|Claims Details||Details of the incident giving rise to the claim and certain special categories of data (see below)|
|Special Categories of Data||Health data for example nature of injuries and medical reports. Biometric data|
|Criminal Convictions||Criminal offences including driving convictions and police reports|
|Financial Information||Bank account details used for payment of a claim (if applicable)|
|Anti-Fraud Data||Sanctions matches and criminal offences, and information received from various anti-fraud databases relating to you|
|Other Data||Information collected in order to validate a claim eg from social media, public registers, online databases, credit references agencies|
Business Partners, Visitors and Marketing
|Business Partners||Name, work address, work email, work telephone numbers and job title|
|Visitors to Our Office||Name, employer, job title, email address, telephone number, CCTV images, dietary requirements and any disability data|
|Marketing||Name, email address, telephone number, interests, record of marketing permission or objections, website data (including online account details, IP address and browser generated information)|
We might collect your personal data from various sources, including:
- Your family members, employer or representative;
- Other insurers, brokers and reinsurers;
- Credit reference agencies;
- Anti-fraud databases, sanctions lists, court judgments and other databases;
- Government agencies such as the DVLA and HMRC;
- Open electoral register;
- In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers;
- In the event of a claim, third parties
- Third party service providers
- Social media such as LinkedIn, Facebook and Twitter;
- Third party marketing databases;
- Analytics providers; and
- Search information providers.
Cookies are small text files placed on your computer or other device when you visit a website. Cookies are used to make websites work more efficiently, to identify you or your device and to collect information on visitor behaviour.
We use the following types of cookies on our website (www.travelers.co.uk):
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website. This type of cookie cannot be disabled but does not gather information about you for marketing or other purposes and is deleted once you close your browser.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Third Party Cookies
We use LinkedIn cookies to measure the performance of our LinkedIn adverts. More information on the cookies LinkedIn places on third party websites such as ours can be found at: https://www.linkedin.com/legal/cookie-table.
We use Bing Analytics cookies, provided by Microsoft Inc., to collect information about how visitors use our site and help us improve how it is designed. Information collected by the Bing Analytics cookies will be transmitted to and stored by Microsoft on servers in the United States of America in accordance with its privacy policies. You may opt out of the use of these cookies by amending your browser settings as detailed below.
We use Google Analytics Cookies to collect information about how visitors use our site and help us improve how it is designed. Information collected by the Google Analytics cookies will be transmitted to and stored by Google on servers in the United States of America in accordance with its privacy practices. To see an overview of privacy at Google and how this applies to Google Analytics, please click here. Google provides a browser-add on which allows users to opt-out of Google Analytics across all websites which can be downloaded here: https://tools.google.com/dlpage/gaoptout.
Changing Your Cookie Settings
We will ask for your consent before setting cookies on your device, but you can review what you have agreed to and change your mind about what you consent to by accessing the cookie settings in your browser and accepting, rejecting or deleting cookies. If you choose to change your cookie settings for our website, you may find that certain features will not function as intended. All browser settings are slightly different, but please see the links below for details on how to disable and delete cookies in the most commonly used browsers:
- Microsoft Internet Explorer
- Apple Safari
- Google Chrome
- Mozilla Firefox
We set out below the purposes for which we use your personal data. Within the relevant sections of this Policy we will explain the legal grounds for processing your data. We will also explain who we share your data with.
We will only use your personal data when the law allows us to. We may use your personal data in the following circumstances:
- Where we need to perform the contract we have entered into with you i.e. the insurance policy;
- Where we need to comply with a legal obligation;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests i.e. we have a justifiable purpose;
- With your explicit consent;
- Where we need to protect your interest (or someone else’s interests);
- Where it is needed in the public interest (or for an official purpose).
SETTING YOU UP AS A CUSTOMER
When setting you up as a customer we will need to collect your personal data such as your contact details. We may also need your personal data to carry out certain checks including possible fraud, sanctions, credit and anti-money laundering checks.
We need this data in order to perform the insurance contract we have with you and to comply with our legal obligations in relation to the prevention of financial crime.
We will process special categories of data without your consent only where it is necessary for the purposes of setting up our systems.
We may pass/disclose your identification details and financial data onto credit reference agencies and anti-fraud databases.
At the quotation stage we evaluate the risk(s) to be covered and match this to the appropriate policy and premium. To do this we collect your personal data such as your contact and identification details and underwriting information including details of the risk. We also collect other personal data including information relating to previous claims and credit and anti-fraud data.
We may also need to collect personal data relating to your family members including children who are named or covered by the insurance policy.
If you telephone us for a quotation then we may record the telephone call. We will warn you that the call is being recorded at the time of the call.
We need this data in order to create the insurance contract. It is in our legitimate interests to determine if you are within our acceptable risk profile, what the appropriate insurance product might be and what the premium will be.
We may also collect special categories of data in respect of the risk such as your health data. We may also ask you for criminal conviction information. We will process special categories of data where the processing is necessary for the production of an insurance quotation. We will only process criminal conviction data where it is necessary for the prevention of fraud.
If we are unable to provide you with an insurance policy, we may partner with an appropriate regulated entity who may be able to assist. We will always ask your permission to introduce you to them and if you agree, we may pass certain information (including any details of criminal convictions) that you have given us about you to them in order for them to assist.
PURCHASE OF INSURANCE
In order for you to pay the premium for the insurance we will need to collect your individual details and financial information.
If your policy includes motor cover, we will pass your policy details to the Motors Insurance Information Centre (MIIC) so that they can be added to the Motor Insurance Database (MID).
We need this data into order to perform the insurance contract and because it is necessary in order for us to take payment.
Disclosure of Your Personal Data
We may share your personal data with credit reference agencies if we need to check your credit score.
We will pass your individual details and financial information to banks.
Where you wish to pay your premiums by instalments we will pass your personal details to third party premium credit providers.
If we sell you legal expenses insurance we will pass your details to DAS.
If you complete a transaction with us, we may ask a third party to assist with obtaining feedback from you on the service and product you have received. This will involve us passing your contact details to them.
If you agree to provide feedback, you agree to any applicable terms and conditions at that time.
POLICY ADMINISTRATION AND RISK SERVICES
We may need to communicate with you regarding policy administration and requested changes to your insurance policy. We may need to collect or refund premium payments and we may also need to send you updates regarding the insurance. In order to perform these tasks we will need to process your personal data such as your contact details and financial information.
We may also need to communicate with you regarding certain risk control services we provide in respect of your insured risks. We will need to process your contact details and policy information in order to provide those services. We may also ask third party service providers to offer certain risk control services to you and calls made to and from those third parties may be recorded. You will be warned that the call is being recorded at the time of the call.
We need to process this data in order to perform the insurance contract and because it is necessary to correspond with customers, beneficiaries and claimants.
In administering the insurance policy we may also process special categories of data such as your health information and we may also process criminal conviction data. We will process special categories of data without your consent where the processing is necessary for the administration of your policy. We will only process criminal conviction data for the purposes of preventing fraud.
If you have a claim or are involved with a claim then we will need to collect and process your personal data. We may also need to collect and process personal data relating to your family members including children who are named or covered by the insurance policy.
As part of the claim we may need to investigate the claim, defend legal proceedings and carry out fraud, credit and anti-money laundering checks. We will need to collect and process your personal data such as your individual details, identification details, financial information and policy information (if applicable).
We need to process this data in order to perform our obligations under the insurance contract and because it is necessary for us to assess the veracity and quantum of claim, to defend or make claims and to assist with the prevention and detection of fraud. We also need to comply with our obligations in relation to the prevention of financial crime.
We may also need to collect special categories of data for example information about your health and medical reports. We will process special categories of data without your consent only where:
- It is necessary for an insurance purpose; or
- Where the processing is necessary for the establishment, exercise or defence of a legal claim; or
- Where the processing is necessary to protect your (or a family member’s) vital interests or of another person where you are physically or legally incapable of giving consent.
Disclosure of Your Personal Data
In order to manage the claim effectively we may pass your personal data (including special categories of data) to claims handlers, loss adjusters, solicitors, experts, medical assistance providers, the police, private investigators, third parties involved in the investigation or prosecution of the claim, other insurers and anti-fraud databases. We may also pass your personal data to your broker, any agent authorised by you to act on your behalf and regulatory authorities. We will also pass your personal data including your special categories of data to our reinsurers.
Information about claims (whether made by our customers or third-parties) made under policies that we provide is collected by us when a claim is made and some details are placed on central insurance industry databases of claims such as the Motor Insurers Database, the Motor Insurance Anti-Theft and Fraud Database and, in Ireland, the ‘Insurance Link’ database. This information includes the claimant’s name, address and date of birth and the type of injury or loss suffered. Through these databases this information may be shared with other insurance companies, self-insurers or statutory authorities including law enforcement and revenue agencies. Insurers also reserve the right to use insurance industry database information at underwriting stage. More information about these databases can be found at the following websites:
We share claim data on these databases for the following reasons:
a) to ensure that more than one claim cannot be made for the same personal injury or property damage
b) to check that claims information matches what was provided when insurance cover was taken out; and
c) when required, to act as a basis for investigating claims when we suspect that insurance fraud is being attempted.
We will need to contact you to offer you renewal terms. In preparing renewals we will need to evaluate the risks to be covered and match the appropriate policy and premium to your requirements. We will also need to take payment. Upon renewal we will process your personal data in the same way as described at the quotation stage and purchase stages above.
OTHER PROCESSING DURING THE TERM OF YOUR INSURANCE POLICY
We may also need to process your personal data for other purposes not connected to your insurance policy, but which are necessary for the provision of insurance, for example:
- Complying with our legal or regulatory obligations;
- General risk modelling;
- Transferring books of business, company sales and group company reorganisations.
In order to comply with our legal or regulatory obligations, we may need to process your individual details, identification details, financial information and policy information. We may also need to disclose your personal data to our regulators including the Prudential Regulation Authority, the Financial Conduct Authority, the Information Commissioner, the Financial Ombudsman Services and other third parties from whom we receive requests for personal data such as the Police and other insurers (under court order).
We conduct risk modelling. We do this as it is within our legitimate interests as an insurer to identity the probability of risks arising. We may need to process your individual details, identification details, financial information and policy information to build risk models. We may also need to process your special categories of data but would do this only with your consent unless the processing is necessary for an insurance purpose.
From time to time we may transfer portfolios of insurance business to other insurers, sell companies or engage in company reorganisations. We may need to do this in order to structure our business appropriately or to comply with regulatory or legal obligations. In doing so we may need to process your individual details, identification details, financial information and policy information relating to your insurance contract. We may also need to process your special categories of data but will only do this if the processing is necessary or for reasons of substantial public interest. We may need to disclose your personal data, including special categories of data to a potential or actual transferee, purchaser, independent expert, regulators and the courts.
Please note that in addition to the disclosures we have identified against each purpose, we may also disclose personal data for those purposes to our professional advisers, service providers, contractors, agents and group companies that perform activities on our behalf.
If you are a business partner or a supplier we will collect your business contact details in order to manage our relationship with you and to administer our contract with you or your employer. We may also collect your information if you attend meetings, attend events that we organise, sign up to our bulletins or newsletters or contact us through our website. We may also collect information about you from public sources (for example LinkedIn or your employer’s website) where we believe this is necessary to help manage our relationships with our business partners.
If you are a visitor (such as visiting our website or our offices) we will use your personal data, for example, to register for use of our website, enquire for further information, distribute requested reference materials or invite you to one of our events.
We analyse information in our various systems and databases to help improve the way we run our business, to provide a better service and to enhance the accuracy of our risk and other actuarial models. We take steps to protect privacy by aggregating and where appropriate anonymizing data before allowing information to be available for analysis.
We may use your personal data to send you marketing communications about our insurance products or our related services. This may be in the form of email, printed material sent by post, online posts, SMS, telephone or targeted online advertising. We will only ever do this with your consent or if you are in a business relationship with us. You have the right to stop us marketing to you by opting out of such marketing when you receive electronic communications from us or by contacting our data protection officer.
We may also use your personal data to contact you in response to your social media posts.
We may also share your information with selected third parties, including:
- Advertisers and advertising networks that need the information to help them choose and show adverts to you and others;
- Analytics and search engine providers that assist us in the improvement and optimisation of our website; and
- Professional advisers and service providers involved in our marketing activities.
Where you have given us your consent to process your personal data you may withdraw your consent to such processing at any time. If you withdraw your consent this may impact our ability to provide insurance or pay claims.
If you wish to withdraw your consent to our processing of your personal data please contact our Data Protection Officer at DPOEurope@travelers.com
Automated decision making is where a decision is made solely by automated means without any human involvement for example by software or an algorithm.
We make some decisions in this way in the course of our business as an insurer. We use automated decision making to generate some online quotes. If you are a prospective insured or an insured who wishes to obtain an online quote from us our system will use a set of underwriting and product rules to issue quotations in response to information provided by you online.
Automated decision making is an efficient and cost effective way for us to provide quotations. It provides a standardised methodology and reduces the likelihood of any differences in treatment between prospective insureds. As a result it assists us in treating our customers fairly.
The use of automated decision making does mean that in relation to those particular products there is no ability for a prospective insured to negotiate the price or terms of the policy. Some of our products do have a referral process to an underwriter in relation to particular terms. It is also possible to speak to our call centre about the online process.
If you would prefer for us not to use automated decision making in respect of the online quotation process you should contact your broker who can speak to an underwriter.
If you are an insured or a prospective insured we may use automated decision making to carry out a credit and anti-fraud checks.
Profiling is the automated processing of personal data to evaluate certain things about an individual, in particular to analyse or predict certain aspects concerning that individual’s performance at work, economic situations, health, personal preferences, interests, reliability, behaviour, location or movement. Profiling can be part of an automated decision making process.
We also make certain decisions based on profiling. When we underwrite we carry out various forms of profiling to assess your individual risk so that we can calculate insurance premiums.
If you are a claimant then we may use profiling or automated decision making to assess whether your claim might be fraudulent.
Some special categories of data may also be used in profiling such as your medical data and criminal convictions.
You have certain rights in respect of automated decision making, where that decision has legal or significant effects on you.
We will keep your personal data only for so long as is reasonably necessary, for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under your insurance policy, or where we are required to keep your personal data due to legal or regulatory reasons.
All information you give us is stored on our secure servers. Some techniques we use to protect information include locked files, user authentication, encryption, firewall technology and the use of detection software.
Once we have collected your information, we use strict procedures ad security features to prevent unauthorized access.
We may need to transfer your data to jurisdictions located outside of the European Economic Area (EEA).
Your data may be processed by employees working for the Travelers group of companies, some of whom are based outside the EEA. Your data may also be processed by our service providers or assistance providers who may be located outside of the EEA. We may disclosure your personal data outside of the EEA if we receive a request from a foreign law enforcement or regulatory agency.
Transfers of your personal data outside of the EEA will be carried out:
- To countries recognised as providing an adequate level of protection or where we are satisfied that there are adequate safeguard in place to protect your rights as the data subject, such as EU Model Contract Clauses;
- Transfers made within the Travelers group of companies are carried out under contracts which incorporate the EU Model Contract Clauses;
- Transfers to service providers and other third parties will be protected by contractual commitments such as the EU Model Contract Clauses;
- If you would like further information on the safeguards we have in place please contact our Data Protection Officer.
If you have any questions in relation to our use of your personal data, please contact our Data Protection Officer for further information. Under certain conditions, you may have the right to require us to:
- Provide you with further details on the use we make of your personal data/special category of data;
- Provide you with a copy of the personal data that you have provided to us;
- Update any inaccuracies in the personal data we hold;
- Delete any special category of data/personal data that we no longer have a lawful ground to use;
- Stop processing your personal data, where such processing is based on your consent;
- Restrict how we use your personal data whilst a complaint is being investigated;
- Stop processing your personal data where such processing is based on the legitimate interests ground, unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights.
- Not subject you to a decision based solely on automated decision making.
In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
DETAILS OF OUR DATA PROTECTION OFFICER
The primary point of contact for all issues arising from this Policy, including requests to exercise your data subject rights, is our Data Protection Officer. The Data Protection Officer can be contacted in the following ways:
Data Protection Officer
23-27 Alie Street
YOUR RIGHT TO COMPLAIN
If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights in SECTION 10, or if you think that we have breached data protection legislation (including the GDPR) then you have the right to complain to the data protection supervisory authority which is the Information Commissioner’s Office in the UK and the Data Protection Commission in Ireland. Please see below for contact details:
Tel: 0303 123 1113 (local rate) or
01625 545 745 (national rate)
45 Melville Street
Tel: 0131 244 9001
Tel: 029 2067 8400
14 Cromac Place
Tel: 0303 123 1114 (local rate) or
028 9027 757 (national rate)
Republic of Ireland
Data Protection Commissioner
Tel: +353 57 868 4800
1890 252 231 (lo call)
Beneficiary(ies) is an individual or a company entitled to receive a payment under the insurance policy if an insured event occurs. A beneficiary does not have to be the insured/policyholder and there may be more than one beneficiary under an insurance policy.
Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that nature person, such as facial images or fingerprint data.
Claimant is either a beneficiary who is making a claim under an insurance policy or an individual or a company who is making a claim against a policyholder where that claim is covered by the insurance policy.
Claims processing is the process of handling a claim that is made under an insurance policy.
EU Model Contract Clauses: standard contractual clauses (known as model contract clauses) recognised by the European Commission as offering adequate safeguards for the transfer of data outside of the European Economic Area.
GDPR: is the EU General Data Protection Regulation as implemented by the UK Data Protection Act 2018 which replaces the UK Data Protection Act 1998 from 25 May 2018 and the Irish Data Protection Act 2018 which replaces the Irish Data Protection Act 1988).
Insurance policy is a contract of insurance between the insurer and the insured/policyholder.
Insured/policyholder is the individual or company in whose name the insurance policy is issued. A potential insured/policyholder may approach an intermediary to purchase an insurance policy or they may approach an insurer directly or via a price comparison website.
Insurer(s): (sometimes also called underwriters) provide insurance cover to insured/policyholders in return for premium. An insurer may also be a reinsurer.
Intermediaries help policyholders and insurers arrange insurance cover. They may offer advice and handle claims. Many insurance and reinsurance policies are obtained through intermediaries.
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic mental, economic, cultural or social identify of that natural person.
Policy administration is the process of administering and managing an insurance policy following its inception.
Premium is the amount of money to be paid by the insured/policyholder to the insurer in the insurance policy Reinsurers provide insurance cover to another insurer or reinsurer. That insurance is known as reinsurance
Quotation is the process of providing a quote to a potential insured/policyholder for an insurance policy.
Renewal is the process of the insurer under an insurance policy providing a quotation to the insured/policyholder for a new insurance policy to replace the existing one on its expiry. Special categories of personal data means racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometrics (where used for identification purposes), health, sex life or sexual orientation.