Our Privacy and Security

Introduction

The privacy statements below  will help you understand how we collect, use and protect your personal information when you interact with us. Please take a few moments to read the sections below and learn how we may use personal information. You should also show this notice to anyone else who may be accessing your information.

As a user of this website

Data protection

1.1 Scope of application

The following data protection notice applies to GJW Private Clients internet presence. This website contains links to third-party websites (external links). These websites are the responsibility of the respective operators. Should you notice that our website contains a link to a site whose content violates applicable law, please let us know at datenschutz@munichre.com.

We will then remove such link from our website without delay. GJW Private Clients assumes no responsibility as to the topicality, correctness, completeness or quality of the information provided.

1.2 Use of your data

Below is explained how your personal data will be processed when you visit GJW Private Clients website, and to inform you of your rights under data protection law.

1.3 Who will be responsible for processing your data, and how can you reach the Data Protection Officer?

The Data Controller is:

Groves, John and Westrup Ltd
8th Floor, Walker House
Exchange Flags
Liverpool
L2 3YL 

Tel: 0151 473 8000

The Data Protection Officer is:

Mr Tony Dumycz
Groves, John and Westrup Ltd
10 Fenchurch Avenue
London
EC3M 5BN

Tel: +44 (0) 7768 363350
Email: datenschutz@munichre.com 

1.4 What categories of data will we use, and for what purposes do we process personal data?

You are generally free to visit our website anonymously. Only if you have agreed to the evaluation of your usage behaviour for statistical purposes, (date, time, pages viewed, navigation, software used) data will be collected by us via an external service provider when you visit our Website. Then your complete IP address will be transmitted to the service provider, where it will be shortened and thus made anonymous before being saved, so that even then it is no longer possible to draw conclusions about you.

If you disclose your personal data to us in specific circumstances (for example, by filling out a contact form), we handle such data confidentially, in accordance with the data protection regulations. If you send us an e-mail, or if you complete and submit an on-line form on our website, we will use any personal data you provide (such as your name or e-mail address) only to correspond with you, to send you the information you requested, or for the other purpose(s) stipulated on the particular form.

For legal or technical reasons, personal data may also be collected and communicated to us in an encrypted form from areas on our website that are accessible only to users with special authorisation. The amount of data collected depends on the application used.

For every application or process with which we collect your personal data (e.g. via cookies for statistical evaluations), we will provide an individualised privacy statement to inform you about the processing of your data.

1.5 What is the legal basis for our processing of your personal data?

We process your data on the basis of the provisions of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and all other laws applicable to the processing of personal data. The substantive legal grounds for the processing depend on the context and the purpose for which we collect your data.

As a rule, we collect and process your personal data to communicate with you and send you the information that you request. This may be necessary, in the context of a user/contractual relationship, to fulfil a contract or during the pre-contractual process (for example, job application process), or at your request. Where an application or process requires restricted access (for example the job applicant portal), the user or data subject’s consent may constitute the legal grounds. You may revoke such consent at any time. Any processing done before the revocation would remain valid, however.

1.6 Who receives your data?

Within GJW Private Clients, only those staff and departments who are responsible for the respective process will receive your data. The data may also be disclosed to service providers for the purposes set out above. Using service providers is necessary, for example, for the administration and maintenance of our IT systems. 

For every application or process with which we collect your personal data (e.g. via cookies for statistical evaluations), we will provide an individualised privacy statement to inform you about the processing of your data.

If we process any of your personal data for certain purposes, you will receive a notice about how exactly your data is being used.

Service providers that we use to send you the requested information (such as newsletters) will receive your required personal data (e.g. postal services receive your name and address).

A list of all service providers that we use for data processing can be found below and also is available for downloading.

1.7 Will we send your data to third countries?

If personal data needs to be transferred to service providers or Group companies outside the UK or European Economic Area (EEA), this will be done only if the European Commission has confirmed that the respective country’s level of data protection is sufficient, or if you have agreed to it separately, or if data protection is otherwise sufficiently guaranteed (for example through standard EU contractual clauses). You may also request the information from the Data Protection Officer.

1.8 What measures do we have in place to protect your data?

We have state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorised parties. We use Secure Socket Layer (SSL) encryption to protect any information you enter in dialogue forms on our web pages. SSL encryption protects your data against unauthorised third-party access during transfer.

You can recognize an encrypted connection by the change in your browser address line from “http://” to “https://”, and the padlock symbol appearing in your browser window.

For your own security, please always use our contact forms. If you send us unencrypted data in a normal, unprotected e-mail, it is possible that unauthorised parties may gain knowledge of or modify your data during transmission via the internet.

1.9 What data protection rights can you claim as a data subject?

At the address indicated above, you may request information about the personal data we have stored under your name. In addition, under certain conditions you may request that your data be deleted or corrected. Furthermore, you may also have a right to restrict the processing of your data and a right to disclosure of the data you have made available in a structured, common and machine-readable format. If you have given your consent, you have the right to revoke it at any time with effect for the future; if you were not informed of any other way in the consent, you can also send the revocation to the above mentioned address.

If we process your data for the purposes of safeguarding legitimate interests, you may object to this processing on grounds relating to your particular situation. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.

1.10 Who can you contact if you have a complaint?

If you have a complaint, you may contact the Data Protection Officer, or the data protection authority. The authority responsible for us is:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF 

Tel: +44 (0) 303 123 1113

1.11 How long will your data be stored?

We will delete your personal data as soon as it is no longer required for the purposes set out above. Further details can be found, where applicable, under the respective types of data processing.

1.12 Are you required to provide us with your data?

You are not required to provide personal data when accessing GJW Private Clients website. However, there are services for which we require personal data from you – for example, to send you information. Without this data, GJW Private Clients cannot carry out the services you request. We collect only the data that is required in a particular case. Where we do process your personal data, we will inform you separately about the purposes, recipients, legal basis and any other rights you may have.

As a broker

Groves, John and Westrup Ltd Private Clients Broker Information Notice

This information notice is designed to help you, as a broker or agent of Groves, John and Westrup Ltd Private Clients (GJW Private Clients), to understand how we process your personal data.  

You are a broker or agent of GJW Private Clients and we are acting as a Managing General Agent (MGA), providing insurance solutions to a panel of insurance brokers.

Insurance is provided by different insurers who are all part of the Munich Re Group.

The insurance lifecycle may involve the sharing of your personal data with other insurance market participants, some of which, you may not have direct contact with.  You can find out more information about these processors by us.

The Data Controller for Groves, John and Westrup Ltd is:

Groves, John and Westrup Ltd
8th Floor, Walker House
Exchange Flags
Liverpool
L2 3YL 

Tel: 0151 473 8000

The Data Protection Officer for Groves, John and Westrup Ltd is:

Mr Tony Dumycz
Munich Re UK Services
10 Fenchurch Avenue
London
EC3M 5BN

Tel: +44 (0) 7768 363350
Email: datenschutz@munichre.com

Please contact the Data Protection Officer if you have questions concerning this Information Notice or your Data Subject Access Rights.  These include:

  • Data Portability: The transfer of your personal data to another Data Controller.
  • Erasure: To have your personal data removed or deleted.
  • Rectification: To have your personal data corrected if it is inaccurate.
  • Restrict Processing: To restrict processing where your personal data is inaccurate or the processing is unlawful.
  • Object to Processing:  To object to processing where it forms part of our legitimate interest. 
  • Subject Access Request: To access your personal data and information around its processing.
  • To object to direct marketing (we do not do direct marketing).   

If you are unhappy with any response or have a complaint.  You can raise this with:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF 

Tel: +44 (0) 303 123 1113 

Who your data is shared with

The following are data controllers that we share your personal data with:

  • Insurers - including Munich Re Syndicate Limited, DAS Legal Expense Insurance Company Limited and Great Lakes Insurance SE. 
  • Reinsurers - including Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in München. 
  • Agents – that sell insurance products on our behalf.
  • Brokers – that have advised our insurance products to you.
  • Government Agencies.
  • Legal advisers.

The following are data processors that we disclose your personal data to:

  • Third Parties providing services for Legal, Banking, Claims Handling, Credit Checking, Insurance Administration and IT Services.

Please contact the Data Protection Officer (datenschutz@munichre.com) if you require further information on who your data is shared with.

What information do we collect about you

Personal Data

Categories of data Type of information processed Where the data may come from Who we may disclose the data to Potential purpose of processing Lawful basis of processing
Individual Information Name, address, marital status, gender, date and place of birth, nationality, employer, job title. Background. Regulatory authority/status. Photographs from corporate and social events. Insurance intermediaries or other insurance market participants. Yourself. Your employer. Credit reference agencies. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Credit reference agencies. Anti-fraud databases. Setting you up and managing you as a client including checks for potential fraud, sanctions, credit and anti-money laundering. Collecting any appropriate premium and paying commission and claims. Performance of our contract with you. Legitimate Interest. Consent. Legitimate Interest.
Financial Information Premiums and claims paid on your policies. Bank account or payment card details. Income and other financial information. Trading accounts. Insurance intermediaries or other insurance market participants. Yourself. Your employer. Credit reference agencies. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Credit reference agencies. Anti-fraud databases. Setting you up and managing you as a client including checks for potential fraud, sanctions, credit and anti-money laundering. Collecting any appropriate premium and paying commission and claims. Performance of our contract with you.
Statutory and anti-fraud information Credit history, credit score, sanctions and information from anti-fraud databases concerning you. Insurance intermediaries or other insurance market participants. Yourself. Your employer. Credit reference agencies. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Credit reference agencies. Anti-fraud databases. Setting you up and managing you as a client including checks for potential fraud, sanctions, credit and anti-money laundering. Collecting any appropriate premium and paying commission and claims. Performance of our contract with you.

Special Categories of Personal Data

Categories of data Type of information processed Source of the data Who we disclose the data to Purpose of processing Lawful basis of processing
Individual Information Criminal records and convictions. Insurance intermediaries or other insurance market participants. Yourself. Your employer. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Setting you up or managing you as a client. Processing is necessary for an insurance purpose.
Statutory and anti-fraud information Criminal records and convictions. Insurance intermediaries or other insurance market participants. Yourself. Your employer. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Setting you up or managing you as a client. Processing is necessary for an insurance purpose.

Protection of your information

Your privacy is important to us and we follow strict security and organisational procedures in the processing, storage, destruction and disclosure of your information. This is to prevent unauthorised access or loss of your information.

Marketing

If you have opted in to receive marketing material Groves, John and Westrup Limited or group companies (which includes any company of whom the ultimate parent company is Munich Re Specialty Group Limited) will contact you from time to time by telephone, post, e-mail or SMS to keep you informed with news, products or services, including but not limited to insurance together with carefully selected offers or promotions which we feel may be of interest to you. Other carefully selected companies may also contact you by post.

If you would like to receive the marketing material referred to above please contact us using either the email address businessdevelopment@grovesjohnwestrup.com, Tel: 07929 792459 or write to The Data Protection Officer at the above address.

Data Retention

Your personal data will only be kept for as long as it is necessary for the purpose it was collected for.
Category of data How long we retain your data
Individual information, financial information and statutory and anti-fraud information 6 years from the termination of the contract with you
Other events or circumstances relevant to determining the risks and commitments that arise out of contracts of insurance 6 years or 60 years for Employers Liability

Transfer of Data

We will not transfer your personal data outside the UK or EEA where there is not an adequate level of data protection.  

Your personal data may be disclosed to companies within our Group or to Service Providers outside the UK or EEA. However, we ensure that there is an adequate level of data protection in place and adhered to by these parties.

You can find out the details about any other party we have shared your personal data with by contacting the Data Protection Officer at the address provided at the top of this information notice. 

Changes to this Groves, John and Westrup Ltd Private Clients Broker Information Notice

If we make changes to this information notice that affects how we process your information, we will revise the information notice and publish it on our website. 

As a policy holder or customer

Groves, John and Westrup Ltd Private Clients Information Notice

This information notice is designed to help you, as a customer of Groves, John and Westrup Ltd Private Clients (GJW Private Clients), to understand how we process your personal data.  

You are a customer of GJW Private Clients and we are acting as a Managing General Agent (MGA), providing insurance solutions to a panel of insurance brokers.

Insurance is provided by different insurers who are all part of the Munich Re Group.

The insurance lifecycle may involve the sharing of your personal data with other insurance market participants, some of which, you may not have direct contact with.  You can find out more information about these processors by contacting the intermediary that you purchased your policy from.

The Data Controller for Groves, John and Westrup Ltd is:

Groves, John and Westrup Ltd
8th Floor, Walker House
Exchange Flags
Liverpool
L2 3YL 

Tel: 0151 473 8000

The Data Protection Officer for Groves, John and Westrup Ltd is:

Mr Tony Dumycz
Munich Re UK Services
10 Fenchurch Avenue
London
EC3M 5BN

Tel: +44 (0) 7768 363350
Email: datenschutz@munichre.com

Please contact the Data Protection Officer if you have questions concerning this Information Notice or your Data Subject Access Rights. These include:

  • Data Portability: The transfer of your personal data to another Data Controller.
  • Erasure: To have your personal data removed or deleted.
  • Rectification: To have your personal data corrected if it is inaccurate.
  • Restrict Processing: To restrict processing where your personal data is inaccurate or the processing is unlawful.
  • Subject Access Request: To access your personal data and information around its processing.
  • To object to direct marketing (we do not do direct marketing).   

If you are unhappy with any response or have a complaint.  You can raise this with:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF 

Tel: +44 (0) 303 123 1113 

Who your data is shared with

The following are data controllers that we share your personal data with:

  • Insurers - including Munich Re Syndicate Limited, DAS Legal Expense Insurance Company Limited and Great Lakes Insurance SE. 
  • Reinsurers - including Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in München. 
  • Agents – that sell insurance products on our behalf.
  • Brokers – that have advised our insurance products to you.
  • Government Agencies.
  • Legal advisers.

The following are data processors that we disclose your personal data to:

  • Third Parties providing services for Legal, Banking, Claims Handling, Credit Checking, Insurance Administration and IT Services.

Please contact the Data Protection Officer (datenschutz@munichre.com) if you require further information on who your data is shared with.

What information do we collect about you

Personal Data

Categories of data Type of information processed Where the data may come from Who we may disclose the data to Potential purpose of processing Lawful basis of processing
Individual Information Name, address, marital status, gender, date and place of birth, nationality, employer, job title, employment history, family details and their relationship to you. Insurance intermediaries or other insurance market participants. Your family. Your employer. Credit reference agencies. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists Setting you up as a client including checks for potential fraud, sanctions, credit and anti-money laundering. Underwriting, evaluating and pricing of the risks to be insured and calculating and validating the appropriate premium for your policy. Performance of our contract with you.
Policy Information Information about the quotes and insurance policies you have applied for or taken out. Insurance intermediaries or other insurance market participants. Your family. Your employer. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Managing you as a client including underwriting, evaluating and pricing the risks to be insured and calculating, validating and collecting any appropriate premium. Pricing the risks to be insured and calculating, validating and collecting any appropriate premium. Performance of our contract with you.
Financial Information Premiums and claims paid on your policies. Bank account or payment card details. Income and other financial information. Insurance intermediaries or other insurance market participants. Your family. Your employer. Credit reference agencies. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Credit reference agencies. Anti-fraud databases. Managing you as a client including underwriting, evaluating and pricing the risks to be insured and calculating, validating and collecting any appropriate premium. Performance of our contract with you.
Statutory and anti- fraud information Credit history, credit score, sanctions and information from anti-fraud databases concerning you. Insurance intermediaries or other insurance market participants. Member of your family. Your employer. Anti-fraud databases, sanctions lists, court judgements and other government agencies. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Setting you up as a client including checks for possible fraud, sanctions, credit and anti-money laundering. Managing you as a client including underwriting, evaluating and pricing the risks to be insured and calculating, validating and collecting any appropriate premium. Performance of our contract with you. Compliance with a legal obligation. Processing is necessary for the defence of legal claims.
Claim Information Information about previous and current claims. Insurance intermediaries or other insurance market participants. Member of your family. Your employer. Anti-fraud databases, claimants, defendants, witnesses, experts inc. medical experts, loss adjustors, solicitors and claims handlers. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists. Managing insurance and reinsurance claims. Defending or prosecuting legal claims. Investigating or prosecuting fraud. Performance of our contract with you. Compliance with a legal obligation. Processing is necessary for the defence of legal claims.

Special Categories of Personal Data

Categories of data Type of information processed Source of the data Who we disclose the data to Purpose of processing Lawful basis of processing
Individual Information Gender and health information. Medical reports. Criminal records and convictions. Insurance intermediaries or other insurance market participants. Member of your family. Your employer. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists. Setting you up or managing you as a client. Evaluating and pricing the risks to be insured and calculating and validating any appropriate premium where there is health or life insurance. Performance of the insurance contract with you or consent. Processing is necessary for the defence of legal claims.
Statutory and anti- fraud information Criminal records, convictions and court judgements. Surveillance reports. Insurance intermediaries or other insurance market participants. Member of your family. Your employer. Anti-fraud databases, sanctions lists, court judgements and other government agencies. Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists. Setting you up or managing you as a client. Evaluating and pricing the risks to be insured and validating any appropriate premium where there is health or life insurance, including checks for potential fraud, sanctions, anti-money laundering and other statutory checks. Processing carried out under the control of official authority. Processing is necessary for the defence of legal claims.

Protection of your information

Your privacy is important to us and we follow strict security and organisational procedures in the processing, storage, destruction and disclosure of your information.  This is to prevent unauthorised access or loss of your information.

Use of your Consent to process Special Categories of Personal Data

In order to provide insurance, in certain circumstances we may need to process special categories of personal data, such as medical records or criminal convictions.

We follow the lawful basis that your insurer has used in processing and disclosing your special categories of personal data to us. This may be for the performance of the insurance contract or consent. If consent is used, you will not have given your consent directly to us but to the insurer that you purchased your policy from. You may withdraw your consent for us to process your special categories of personal data at any time by contacting the Data Protection Officer (details as above). However, if you withdraw your consent this will impact on our ability to provide or continue to provide insurance for your insurance policy or pay claims.

Call Monitoring and Recording

For quality control purposes and to audit the evaluation process for the underwriting and pricing of the risks to be insured, we may review copies of telephone, SMS and email recordings made with the intermediary that you purchased your policy from. 

Data Retention

Your personal data will only be kept for as long as it is necessary for the purpose it was collected for.
Category of data How long we retain your data
Insurance policies, proposal forms, renewal notices, certificates etc In accordance with accounting and tax requirements or, if later, until claims under policy are barred and all outstanding claims are settled
Each new risk that is underwritten 6 years or 60 years for Employers Liability
Any material aggregation of exposure to risk from a single source or of the same kind or to the same potential catastrophe or event 6 years
Each notified claim including the amounts notified and paid, precautionary notices and any re-opened claims 6 years from date of closure of claim. Unless specific jurisdictional requirements dictate a longer period.
Claims correspondence At least 3 years after claims settlement
Policy and contractual documents and any relevant representations made to policyholders 6 years or 60 years for Employers Liability
Other events or circumstances relevant to determining the risks and commitments that arise out of contracts of insurance or contracts for insurance 6 years or 60 years for Employers Liability
Where the retention period is set by reference to the tail of the business, the period commences when there is a reasonable expectation that no further claims would be notified under the relevant policy. 

Transfer of Data

We will not transfer your personal data outside the UK or EEA where there is not an adequate level of data protection.  

Your personal data may be disclosed to companies within our Group or to Service Providers outside the UK or EEA. However, we ensure that there is an adequate level of data protection in place and adhered to by these parties.

You can find out the details about any other party we have shared your personal data with by contacting the Data Protection Officer at the address provided at the top of this information notice. 

Changes to this Groves, John and Westrup Ltd Private Clients Information Notice

If we make changes to this information notice that affects how we process your information, we will revise the information notice and publish it on our website.