Our Privacy and Security
properties.trackTitle
properties.trackSubtitle
Introduction
As a user of this website
Data Protection
1.1 Scope of application
The following data protection notice applies to GrovesJohnWestrup Private Clients internet presence. This website contains links to third-party websites (external links). These websites are the responsibility of the respective operators. Should you notice that our website contains a link to a site whose content violates applicable law, please let us know at dataprotection@gjwdirect.co.uk.
We will then remove such link from our website without delay. GrovesJohnWestrup Private Clients assumes no responsibility as to the topicality, correctness, completeness or quality of the information provided.
1.2 Use of your data
1.3 Who will be responsible for processing your data, and how can you reach the Data Protection Officer?
The Data Controller is:
Munich Re Specialty Insurance (UK) Ltd
Union, 2-10 Albert Square, Manchester, M2 6LW
Tel: 0161 236 3380
The Data Protection Officer is:
Munich Re Specialty Insurance (UK) Ltd
St Helen’s, 1 Undershaft, London, EC3A 8EE
Email: p0060011432@munichre.com
1.4 What categories of data will we use, and for what purposes do we process personal data?
You are generally free to visit our website anonymously. Only if you have agreed to the evaluation of your usage behaviour for statistical purposes, (date, time, pages viewed, navigation, software used) data will be collected by us via an external service provider when you visit our Website. Then your complete IP address will be transmitted to the service provider, where it will be shortened and thus made anonymous before being saved, so that even then it is no longer possible to draw conclusions about you.
If you disclose your personal data to us in specific circumstances (for example, by filling out a contact form), we handle such data confidentially, in accordance with the data protection regulations. If you send us an e-mail, or if you complete and submit an on-line form on our website, we will use any personal data you provide (such as your name or e-mail address) only to correspond with you, to send you the information you requested, or for the other purpose(s) stipulated on the particular form.
For legal or technical reasons, personal data may also be collected and communicated to us in an encrypted form from areas on our website that are accessible only to users with special authorisation. The amount of data collected depends on the application used.
For every application or process with which we collect your personal data (e.g. via cookies for statistical evaluations), we will provide an individualised privacy statement to inform you about the processing of your data.
1.5 What is the legal basis for our processing of your personal data?
We process your data on the basis of the provisions of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and all other laws applicable to the processing of personal data. The substantive legal grounds for the processing depend on the context and the purpose for which we collect your data.
As a rule, we collect and process your personal data to communicate with you and send you the information that you request. This may be necessary, in the context of a user/contractual relationship, to fulfil a contract or during the pre-contractual process (for example, job application process), or at your request. Where an application or process requires restricted access (for example the job applicant portal), the user or data subject’s consent may constitute the legal grounds. You may revoke such consent at any time. Any processing done before the revocation would remain valid, however.
1.6 Who receives your data?
Within GrovesJohnWestrup Private Clients, only those staff and departments who are responsible for the respective process will receive your data. The data may also be disclosed to service providers for the purposes set out above. Using service providers is necessary, for example, for the administration and maintenance of our IT systems.
For every application or process with which we collect your personal data (e.g. via cookies for statistical evaluations), we will provide an individualised privacy statement to inform you about the processing of your data.
If we process any of your personal data for certain purposes, you will receive a notice about how exactly your data is being used.
Service providers that we use to send you the requested information (such as newsletters) will receive your required personal data (e.g. postal services receive your name and address).
A list of all service providers that we use for data processing can be found below and also is available for downloading.
1.7 Will we send your data to third countries?
1.8 What measures do we have in place to protect your data?
We have state-of-the-art technical and organisational security measures to protect data against accidental or intentional manipulation, loss, destruction, and access by unauthorised parties. We use Secure Socket Layer (SSL) encryption to protect any information you enter in dialogue forms on our web pages. SSL encryption protects your data against unauthorised third-party access during transfer.
You can recognize an encrypted connection by the change in your browser address line from “http://” to “https://”, and the padlock symbol appearing in your browser window.
For your own security, please always use our contact forms. If you send us unencrypted data in a normal, unprotected e-mail, it is possible that unauthorised parties may gain knowledge of or modify your data during transmission via the internet.
1.9 What data protection rights can you claim as a data subject?
At the address indicated above, you may request information about the personal data we have stored under your name. In addition, under certain conditions you may request that your data be deleted or corrected. Furthermore, you may also have a right to restrict the processing of your data and a right to disclosure of the data you have made available in a structured, common and machine-readable format. If you have given your consent, you have the right to revoke it at any time with effect for the future; if you were not informed of any other way in the consent, you can also send the revocation to the above mentioned address.
If we process your data for the purposes of safeguarding legitimate interests, you may object to this processing on grounds relating to your particular situation. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the assertion, exercise or defence of legal claims.
1.10 Who can you contact if you have a complaint?
If you have a complaint, you may contact the Data Protection Officer, or the data protection authority. The authority responsible for us is:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: +44 (0) 303 123 1113
1.11 How long will your data be stored?
1.12 Are you required to provide us with your data?
As a broker
GrovesJohnWestrup Private Clients - Broker Information Notice
This information notice is designed to help you, as a broker of GrovesJohnWestrup Private Clients, to understand how we process your personal data.
You are a broker of GrovesJohnWestrup Private Clients and we are acting as a Managing General Agent (MGA), providing insurance solutions to a panel of insurance brokers.
Insurance is provided by different insurers who are all part of the Munich Re Group.
The insurance lifecycle may involve the sharing of your personal data with other insurance market participants, some of which, you may not have direct contact with. You can find out more information about these processors by us.
The Data Controller is:
Munich Re Specialty Insurance (UK) Ltd
Union, 2-10 Albert Square, Manchester, M2 6LW
Tel: 0161 236 3380
The Data Protection Officer is:
The Data Protection Officer
Munich Re Specialty Insurance (UK) Ltd
St Helen’s, 1 Undershaft, London, EC3A 8EE
Email: p0060011432@munichre.com
Please contact the Data Protection Officer if you have questions concerning this Information Notice or your Data Subject Access Rights. These include::
- Data Portability: The transfer of your personal data to another Data Controller.
- Erasure: To have your personal data removed or deleted.
- Rectification: To have your personal data corrected if it is inaccurate.
- Restrict Processing: To restrict processing where your personal data is inaccurate or the processing is unlawful.
- Subject Access Request: To access your personal data and information around its processing.
- To object to direct marketing (we do not do direct marketing).
If you are unhappy with any response or have a complaint. You can raise this with:
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: +44 (0) 303 123 1113
Who your data is shared with
The following are data controllers that we share your personal data with:
- Insurers - including Munich Re Syndicate Limited, DAS Legal Expense Insurance Company Limited and Great Lakes Insurance SE.
- Reinsurers - including Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in München.
- Agents – that sell insurance products on our behalf.
- Brokers – that have advised our insurance products to you.
- Government Agencies.
- Legal advisers.
The following are data processors that we disclose your personal data to:
- Third Parties providing services for Legal, Banking, Claims Handling, Credit Checking, Insurance Administration and IT Services.
Please contact the Data Protection Officer (p0060011432@munichre.com) if you require further information on who your data is shared with.
What information do we collect about you
Personal Data
Categories of data | Type of information processed | Where the data may come from | Who we may disclose the data to | Potential purpose of processing | Lawful basis of processing |
---|---|---|---|---|---|
Individual Information | Name, address, marital status, gender, date and place of birth, nationality, employer, job title, employment history, family details and their relationship to you. | Insurance intermediaries or other insurance market participants. Your family. Your employer. Credit reference agencies. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists | Setting you up as a client including checks for potential fraud, sanctions, credit and anti-money laundering. Underwriting, evaluating and pricing of the risks to be insured and calculating and validating the appropriate premium for your policy. | Performance of our contract with you. |
Policy Information | Information about the quotes and insurance policies you have applied for or taken out. | Insurance intermediaries or other insurance market participants. Your family. Your employer. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. | Managing you as a client including underwriting, evaluating and pricing the risks to be insured and calculating, validating and collecting any appropriate premium. | Performance of our contract with you. |
Financial Information | Premiums and claims paid on your policies. Bank account or payment card details. Income and other financial information. | Insurance intermediaries or other insurance market participants. Your family. Your employer. Credit reference agencies. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Credit reference agencies. Anti-fraud databases. | Managing you as a client including underwriting, evaluating and pricing the risks to be insured and calculating, validating and collecting any appropriate premium. | Performance of our contract with you. |
Statutory and anti-fraud information | Credit history, credit score, sanctions and information from anti-fraud databases concerning you. | Insurance intermediaries or other insurance market participants. Member of your family. Your employer. Anti-fraud databases, sanctions lists, court judgements and other government agencies. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. | Setting you up as a client including checks for possible fraud, sanctions, credit and anti- money laundering. Managing you as a client including underwriting, evaluating and pricing the risks to be insured and calculating, validating and collecting any appropriate premium. | Performance of our contract with you. Compliance with a legal obligation. Processing is necessary for the defence of legal claims. |
Claim Information | Information about previous and current claims. | Insurance intermediaries or other insurance market participants. Member of your family. Your employer. Anti-fraud databases, claimants, defendants, witnesses, experts inc. medical experts, loss adjustors, solicitors and claims handlers. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists. | Managing insurance and reinsurance claims. Defending or prosecuting legal claims. Investigating or prosecuting fraud. | Performance of our contract with you. Compliance with a legal obligation. Processing is necessary for the defence of legal claims. |
Special Categories of Personal Data
Categories of data | Type of information processed | Source of the data | Who we disclose the data to | Purpose of processing | Lawful basis of processing | |
---|---|---|---|---|---|---|
Individual Information | Gender and health information. Medical reports. Criminal records and convictions. | Insurance intermediaries or other insurance market participants. Member of your family. Your employer. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists. | Setting you up or managing you as a client. Evaluating and pricing the risks to be insured and calculating and validating any appropriate premium where there is health or life insurance. | Performance of the insurance contract with you or consent. Processing is necessary for the defence of legal claims. | |
Statutory and anti-fraud information | Criminal records, convictions and court judgements. Surveillance reports. | Insurance intermediaries or other insurance market participants. Member of your family. Your employer. Anti-fraud databases, sanctions lists, court judgements and other government agencies. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists. | Setting you up or managing you as a client. Evaluating and pricing the risks to be insured and validating any appropriate premium where there is health or life insurance, including checks for potential fraud, sanctions, anti-money laundering and other statutory checks. | Processing carried out under the control of official authority. Processing is necessary for the defence of legal claims. |
Protection of your information
Use of your Consent to process Special Categories of Personal Data
In order to provide insurance, in certain circumstances we may need to process special categories of personal data, such as medical records or criminal convictions.
We follow the lawful basis that your insurer has used in processing and disclosing your special categories of personal data to us. This may be for the performance of the insurance contract or consent. If consent is used, you will not have given your consent directly to us but to the insurer that you purchased your policy from. You may withdraw your consent for us to process your special categories of personal data at any time by contacting the Data Protection Officer (details as above). However, if you withdraw your consent this will impact on our ability to provide or continue to provide insurance for your insurance policy or pay claims.
Call Monitoring and Recording
Data Retention
Category of data | How long we retain your data |
---|---|
Insurance policies, proposal forms, renewal notices, certificates etc | In accordance with accounting and tax requirements or, if later, until claims under policy are barred and all outstanding claims are settled |
Each new risk that is underwritten | 6 years or 60 years for Employers Liability |
Any material aggregation of exposure to risk from a single source or of the same kind or to the same potential catastrophe or event | 6 years |
Each notified claim including the amounts notified and paid, precautionary notices and any re-opened claims | 6 years from date of closure of claim. Unless specific jurisdictional requirements dictate a longer period. |
Claims correspondence | At least 3 years after claims settlement |
Policy and contractual documents and any relevant representations made to policyholders | 6 years or 60 years for Employers Liability |
Other events or circumstances relevant to determining the risks and commitments that arise out of contracts of insurance or contracts for insurance | 6 years or 60 years for Employers Liability |
Transfer of Data
We will not transfer your personal data outside the UK or EEA where there is not an adequate level of data protection.
Your personal data may be disclosed to companies within our Group or to Service Providers outside the UK or EEA. However, we ensure that there is an adequate level of data protection in place and adhered to by these parties.
You can find out the details about any other party we have shared your personal data with by contacting the Data Protection Officer at the address provided at the top of this information notice.
Changes to this GrovesJohnWestrup Private Clients - Broker Information Notice
As a policyholder or customer
GrovesJohnWestrup Private Clients - Information Notice
This information notice is designed to help you, as a customer of GrovesJohnWestrup Private Clients, to understand how we process your personal data.
You are a customer of GrovesJohnWestrup Private Clients and we are acting as a Managing General Agent (MGA), providing insurance solutions to a panel of insurance brokers.
Insurance is provided by different insurers who are all part of the Munich Re Group.
The insurance lifecycle may involve the sharing of your personal data with other insurance market participants, some of which, you may not have direct contact with. You can find out more information about these processors by contacting the intermediary that you purchased your policy from.
The Data Controller is:
Munich Re Specialty Insurance (UK) Ltd
Union, 2-10 Albert Square, Manchester, M2 6LW
Tel: 0161 236 3380
The Data Protection Officer for Munich Re Specialty Insurance (UK) Ltd is:
The Data Protection Officer
Munich Re Specialty Insurance (UK) Ltd
St Helen’s, 1 Undershaft, London, EC3A 8EE
Email: p0060011432@munichre.com
Please contact the Data Protection Officer if you have questions concerning this Information Notice or your Data Subject Access Rights. These include:
- Data Portability: The transfer of your personal data to another Data Controller.
- Erasure: To have your personal data removed or deleted.
- Rectification: To have your personal data corrected if it is inaccurate.
- Restrict Processing: To restrict processing where your personal data is inaccurate or the processing is unlawful.
- Subject Access Request: To access your personal data and information around its processing.
- To object to direct marketing (we do not do direct marketing).
If you are unhappy with any response or have a complaint. You can raise this with:
The Information Commissioner
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: +44 (0) 303 123 1113
Who your data is shared with
The following are data controllers that we share your personal data with:
- Insurers - including Munich Re Syndicate Limited, DAS Legal Expense Insurance Company Limited and Great Lakes Insurance SE.
- Reinsurers - including Münchener Rückversicherungs-Gesellschaft Aktiengesellschaft in München.
- Agents – that sell insurance products on our behalf.
- Brokers – that have advised our insurance products to you.
- Government Agencies.
- Legal advisers.
The following are data processors that we disclose your personal data to:
- Third Parties providing services for Legal, Banking, Claims Handling, Credit Checking, Insurance Administration and IT Services.
Please contact the Data Protection Officer (p0060011432@munichre.com) if you require further information on who your data is shared with.
What information do we collect about you
Personal Data
Categories of data | Type of information processed | Where the data may come from | Who we may disclose the data to | Potential purpose of processing | Lawful basis of processing |
---|---|---|---|---|---|
Individual Information | Name, address, marital status, gender, date and place of birth, nationality, employer, job title, employment history, family details and their relationship to you. | Insurance intermediaries or other insurance market participants. Your family. Your employer. Credit reference agencies. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists | Setting you up as a client including checks for potential fraud, sanctions, credit and anti-money laundering. Underwriting, evaluating and pricing of the risks to be insured and calculating and validating the appropriate premium for your policy. | Performance of our contract with you. |
Policy Information | Information about the quotes and insurance policies you have applied for or taken out. | Insurance intermediaries or other insurance market participants. Your family. Your employer. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. | Managing you as a client including underwriting, evaluating and pricing the risks to be insured and calculating, validating and collecting any appropriate premium. | Performance of our contract with you. |
Financial Information | Premiums and claims paid on your policies. Bank account or payment card details. Income and other financial information. | Insurance intermediaries or other insurance market participants. Your family. Your employer. Credit reference agencies. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Credit reference agencies. Anti-fraud databases. | Managing you as a client including underwriting, evaluating and pricing the risks to be insured and calculating, validating and collecting any appropriate premium. | Performance of our contract with you. |
Statutory and anti- fraud information | Credit history, credit score, sanctions and information from anti-fraud databases concerning you. | Insurance intermediaries or other insurance market participants. Member of your family. Your employer. Anti-fraud databases, sanctions lists, court judgements and other government agencies. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. | Setting you up as a client including checks for possible fraud, sanctions, credit and anti- money laundering. Managing you as a client including underwriting, evaluating and pricing the risks to be insured and calculating, validating and collecting any appropriate premium. | Performance of our contract with you. Compliance with a legal obligation. Processing is necessary for the defence of legal claims. |
Claim Information | Information about previous and current claims. | Insurance intermediaries or other insurance market participants. Member of your family. Your employer. Anti-fraud databases, claimants, defendants, witnesses, experts inc. medical experts, loss adjustors, solicitors and claims handlers. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists. | Managing insurance and reinsurance claims. Defending or prosecuting legal claims. Investigating or prosecuting fraud. | Performance of our contract with you. Compliance with a legal obligation. Processing is necessary for the defence of legal claims. |
Special Categories of Personal Data
Categories of data | Type of information processed | Source of the data | Who we disclose the data to | Purpose of processing | Lawful basis of processing |
---|---|---|---|---|---|
Individual Information | Gender and health information. Medical reports. Criminal records and convictions. | Insurance intermediaries or other insurance market participants. Member of your family. Your employer. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists. | Setting you up or managing you as a client. Evaluating and pricing the risks to be insured and calculating and validating any appropriate premium where there is health or life insurance. | Performance of the insurance contract with you or consent. Processing is necessary for the defence of legal claims. |
Statutory and anti- fraud information | Criminal records, convictions and court judgements. Surveillance reports. | Insurance intermediaries or other insurance market participants. Member of your family. Your employer. Anti-fraud databases, sanctions lists, court judgements and other government agencies. | Group companies. Reinsurers. Our agents and brokers. Other intermediaries or market participants. Anti-fraud databases. Medical doctors and specialists. | Setting you up or managing you as a client. Evaluating and pricing the risks to be insured and validating any appropriate premium where there is health or life insurance, including checks for potential fraud, sanctions, anti-money laundering and other statutory checks. | Processing carried out under the control of official authority. Processing is necessary for the defence of legal claims. |
Protection of your information
Use of your Consent to process Special Categories of Personal Data
In order to provide insurance, in certain circumstances we may need to process special categories of personal data, such as medical records or criminal convictions.
We follow the lawful basis that your insurer has used in processing and disclosing your special categories of personal data to us. This may be for the performance of the insurance contract or consent. If consent is used, you will not have given your consent directly to us but to the insurer that you purchased your policy from. You may withdraw your consent for us to process your special categories of personal data at any time by contacting the Data Protection Officer (details as above). However, if you withdraw your consent this will impact on our ability to provide or continue to provide insurance for your insurance policy or pay claims.
Call Monitoring and Recording
Data Retention
Category of data | How long we retain your data |
---|---|
Insurance policies, proposal forms, renewal notices, certificates etc | In accordance with accounting and tax requirements or, if later, until claims under policy are barred and all outstanding claims are settled |
Each new risk that is underwritten | 6 years or 60 years for Employers Liability |
Any material aggregation of exposure to risk from a single source or of the same kind or to the same potential catastrophe or event | 6 years |
Each notified claim including the amounts notified and paid, precautionary notices and any re-opened claims | 6 years from date of closure of claim. Unless specific jurisdictional requirements dictate a longer period. |
Claims correspondence | At least 3 years after claims settlement |
Policy and contractual documents and any relevant representations made to policyholders | 6 years or 60 years for Employers Liability |
Other events or circumstances relevant to determining the risks and commitments that arise out of contracts of insurance or contracts for insurance | 6 years or 60 years for Employers Liability |
Transfer of Data
We will not transfer your personal data outside the UK or EEA where there is not an adequate level of data protection.
Your personal data may be disclosed to companies within our Group or to Service Providers outside the UK or EEA. However, we ensure that there is an adequate level of data protection in place and adhered to by these parties.
You can find out the details about any other party we have shared your personal data with by contacting the Data Protection Officer at the address provided at the top of this information notice.