Since 1993  +44 (0)20 7256 3100   
TEST SITE

General Data Protection Regulation
Folgate Underwriting Agency Ltd Privacy Policy



Folgate Underwriting Agency Ltd (Folgate) believe in protecting the personal information that you provide us with. The privacy and security of your personal data is very important to us and we want to assure you that your personal data will be properly managed and protected.

This policy is designed to help you understand how we and other insurance market participants process your personal data through the Insurance Lifecycle. It is important that you read this policy.

This policy may be updated from time: this version is dated July 2023 but historic versions are available on request.

Third Party Information Notice - The London Insurance Market Core Uses Information Notice

Insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, insurers and reinsurers. The London Insurance Market has produced a Core Uses Information Notice which sets out those core necessary personal data uses and disclosures throughout the insurance lifecycle, and in particular sets out how other insurance market participants process your personal data. Our core uses and disclosures are consistent with the London Market Core Uses Information Notice. In addition to reviewing our information policy, we recommend you review the London Insurance Market Core Uses Information Notice. Please follow the below link to The London Insurance Market Core Uses Information Notice at www.lmalloyds.com: Information_Notice

Please note that we do not control the LMA website and are not responsible for the London Insurance Market Core Uses Information Notice.

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our data protection contact using the details set out below:


CONTACT DETAILS

Folgate Underwriting Agency Ltd
80 Leadenhall Street
London
EC3A 3DH
Email: data@folgateltd.com



Index

Glossary

Insurance Lifecycle

Flow of personal data through insurance lifecycle

The data we may collect about you (your personal data)

Where we might collect your personal data from

Legal grounds we rely on to process your personal data

Purposes, categories, legal grounds and recipients of our processing your personal data

Identities of data controllers and data protection contacts

Consent to process your personal data

Marketing

Profiling and automatic decision making

Retention of your personal data

International transfers

Your rights and contact details of the ICO

Your right to complain to the ICO






GLOSSARY

Please see below a glossary of key insurance and data protection terms used in this policy for your ease. These defined words are shown in bold throughout this policy:

Beneficiary means an individual or a company that an insurance policy states may receive payment under the insurance policy if an insured event occurs. A beneficiary does not have to be the insured/policyholder and there may be more than one beneficiary under an insurance policy.

Claimant means either a beneficiary who is making a claim under an insurance policy or an individual or a company who is making a claim against a beneficiary where that claim is covered by the insurance policy.

Claims processing means the process of handling a claim that is made under an insurance policy.

Data controller(s) means an entity which collects and holds personal data. It decides what personal data it collects about you and how that personal data is used. Any of the insurance market participants when using your personal data for the purposes set out in “Purposes, categories, legal grounds and recipients of our processing your personal data” on page 7 of this policy could be data controllers.

Data protection contact means the person named by the relevant insurance market participant who you should contact if you have any queries or requests regarding your personal data or how we are using it. In many cases (although not all), this person will the Data Protection Officer of the relevant insurance market participant.

GDPR means the EU General Data Protection Regulation and the new UK Data Protection Act, which replaces the UK Data Protection Act 1998 from 25th May 2018.

Inception means the start date of the insurance policy.

Information Commissioner’s Office (ICO) means the regulator (or National Competent Authority/Data Protection Authority) for data protection matters in the UK.

Insurance means the pooling and transfer of risk in order to provide financial protection against a possible eventuality. There are many types of insurance.

Insurance policy(ies) means a contract of insurance between the insurer and the insured/policyholder.

Insurance market participant(s) or participant(s) means an intermediary, insurer or reinsurer.

Insured(s)/policyholder(s) means the individual or company in whose name the insurance policy is issued. A potential insured/policyholder may approach an intermediary to purchase an insurance policy or they may approach an insurer directly.

Insurer(s)/underwriter(s) means a company who provide insurance cover to insured/policyholder in return for premium. An insurer may also be a reinsurer.

Intermediary(ies) means a company(ies) who help insureds/policyholders and insurers/underwriters arrange insurance cover.

Lloyd’s means a specialist insurance market place where insurance policies are underwritten.

Policy administration means the process of administering and managing an insurance policy following its inception.

Personal data means any data from which you can be identified and which relates to you. It may include data about any claims you make. Personal data does not include any data where the identity of a natural person has been removed (anonymous data).

Processing of personal data means collecting, using, storing, disclosing or erasing your personal data.

Premium means the amount of money to be paid by the insured/policyholder to the insurer/underwriter for the insurance policy.

Quotation means the process of providing a quote to a potential insured/policyholder for an insurance policy.

Reinsurance means insurance purchased by an insurer from a reinsurer.

Reinsurer(s) means a company who provide insurance cover to another insurer/underwriter or reinsurer.

Renewal means the process of the insurer under an insurance policy providing a quotation to the insured/policyholder for a new insurance policy to replace the existing one on its’ expiry.

We, us, our means Folgate Underwriting Agency Ltd and its’ group companies.

You or your means the individual whose personal data may be processed by an insurance market participant. You may be the insured/policyholder, beneficiary, claimant or other person involved in a claim or relevant to an insurance policy.




INSURANCE LIFECYCLE



Insurance Lifecycle






FLOW OF PERSONAL DATA THROUGH INSURANCE LIFECYCLE


Insurance Lifecycle Flow






THE DATA WE MAY COLLECT ABOUT YOU (YOUR PERSONAL DATA)

The types of personal data that may be processed are defined below and have the same meaning when used throughout this policy:

Type of personal data Details
Individual details Your name, address (including proof of address), other contact details e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, individual family details (including their relationship to you
Identification details Your national insurance number, passport number, tax identification number, driving license number
Financial information Your bank account and/or payment card details, income and other financial information
Risk details Information about you which we need to collect in order to assess the risk to be insured and provide a quotation. This may include data relating to your health, criminal convictions and other special categories of personal data. For certain types of insurance, this could include telematics data
Policy information Information about the quotations you receive and insurance policies you take out
Credit and anti-fraud data Your credit history, credit score, sanctions and criminal offences and information received from various anti-fraud databases relating to you
Current / previous claims Information about previous and current claims (including other unrelated insurance), your health, criminal convictions and other special categories of personal data and in some cases, surveillance reports
Special categories of personal data Certain categories of personal data which have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data or data concerning sex life or orientation

In order for us to provide insurance quotations, insurance policies and/or deal with any claims or complaints, we need to collect and process personal data about you. Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with insurance).

We also collect, use and share aggregated data such as statistical or demographic data for our legitimate business interests. Aggregated data may be derived from your personal data but does not reveal your identity. However, any data which can identify you will be treated as personal data and used in accordance with this privacy policy.




WHERE WE MIGHT COLLECT YOUR PERSONAL DATA FROM

We might collect your personal data from various sources depending on your particular circumstances including;
  • You;
  • Your family members, employer, insurance broker or representative;
  • Other insurance market participants;
  • Credit reference agencies;
  • Anti-fraud databases, sanction lists, court judgements and other databases;
  • Government agencies such as DVLA and HMRC;
  • Open electoral register;
  • Data held in the public domain
  • In the event of a claim:
    - Third parties (including administrators and suppliers);
    - Claimant / defendant
    - Witnesses
    - Experts (including medical experts)
    - Loss Adjusters / loss assessors
    - Solicitors
    - Claims handlers
Monitoring and recording of telephone calls

For our joint protection, telephone calls may be recorded and/or monitored for training and quality purposes and for fraud prevention and detection. Where call recordings are made, they are retained in line with regulatory guidance.






LEGAL GROUNDS WE RELY ON TO PROCESS YOUR PERSONAL DATA

Legal ground for processing personal data Details
Performance of our contract with you Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.
Compliance with a legal obligation Processing is necessary for compliance with a legal obligation to which we are subject.
Protection of vital interests Processing is necessary in order to protect the vital interests of you or another natural person.
In the public interest Processing is necessary for the performance of a task carried out in the public interest.
For our legitimate business interests Processing is necessary for the purpose of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child. These legitimate interests are set out next to each purpose.
Legal ground for processing special category personal data Details
Your explicit consent You have given your explicit consent to the processing of those personal data for one or more specified purposes, where we are unable to procure, provide or administer insurance without this consent.
You are free to withdraw your consent by contacting our data protection contact. However withdrawal of your consent will impact our ability to provide insurance or pay claims.
Protection of vital interests where you are unable to give consent Processing is necessary to protect the vital interests of you or of another natural person where you are physically or legally incapable of giving consent.
For legal claims Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
In the substantial public interest Processing is necessary for reasons of substantial public interest, on the basis of EU or UK law.





PURPOSES, CATEGORIES, LEGAL GROUNDS AND RECIPIENTS OF OUR PROCESSING YOUR PERSONAL DATA

We set out below the purposes insurance market participants might use your personal data for:

Insurance Lifecycle Purposes Legal grounds for processing your personal data Personal data we might provide Special category data we might provide Who might we share your personal data with
Quotation / Inception - Setting you up as a client
- Possible fraud and anti-money laundering checks
- Sanctions check
- Credit check
 Personal data
- Performance of our contract with you
- Compliance with a legal obligation
- Legitimate business interest (ensuring risk acceptability)
- Prevention and detection of crime
Special category data
- In the substantial public interest
- Compliance with a legal obligation
 - Individual details
- Identification details
- Financial information
- Risk details
 - Credit and anti-fraud
- Current/previous claims
- Health data
- Criminal conviction data
- Other sensitive data
 - Credit reference agencies
- Credit / debit providers
- Banks
- Regulators (Lloyds’/FOS)
- Anti-fraud databases
- Risk evaluation databases (e.g. flood and crime risk data)
- Other databases
- Auditors
- Regulators
- Insurers
- Risk Surveyors
- Brokers
- Reinsurers
- HMRC
- Police
- Courts
- Evaluating the risks to be covered
- Matching risk to appropriate insurance policy/ premium
 Personal data
- Performance of our contract with you
- Legitimate interest (to determine risk profile, appropriate product and premium)
Special category data
- In the substantial public interest
- Payment / refund of premium where the insured / policyholder is an individual
 Personal data
- Performance of our contract with you
- Legitimate interest (to recover debts)
Policy administration - General client care
- Communicating with you regarding policy administration and requested changes to the policy
 Personal data
- Performance of our contract with you
- Legitimate interest (correspond with you in order to facilitate the placing of the policy and claims)
Special category data
- In the substantial public interest
- Compliance with a legal obligation
 - Individual details
- Identification details
- Financial information
- Risk details
 - Credit and anti-fraud
- Current/previous claims
- Health data
- Criminal conviction data
- Other sensitive data
 - Credit reference agencies
- Credit / debit providers
- Banks
- Regulators (Lloyds’/FOS)
- Anti-fraud databases
- Risk evaluation databases (e.g. flood and crime risk data)
- Other databases
- Auditors
- Regulators
- Insurers
- Risk Surveyors
- Brokers
- Reinsurers
- HMRC
- Police
- Courts
Claims processing - Managing insurance and reinsurance claims
 Personal data
- Performance of our contract with you
- Legitimate interest (to assist our clients in handling claims)
Special category data
- Consent
- Legal claims
 - Individual details
- Identification details
- Financial information
- Policy information
- Risk details
 - Risk details
- Current/previous claims
- Credit and anti-fraud
- Health data
- Other sensitive
 - Credit reference agencies
- Credit / debit providers
- Banks
- Regulators (Lloyds’/FOS)
- Anti-fraud databases
- Risk evaluation databases (e.g. flood and crime risk data)
- Other databases
- Auditors
- Regulators
- Insurers
- Risk Surveyors
- Brokers
- Reinsurers
- HMRC
- Police
- Courts
- Loss adjusters
- Solicitors
- Experts
- Third parties involved in the claim
- Suppliers
- Contractors
- Medical practitioners
- Defending or prosecuting legal claims
 Personal data
- Performance of our contract with you
- Legitimate interest (to assist our clients and handling claims)
Special category data
- Legal claims
- Compliance with a legal obligation
- Investigation or prosecuting fraud
 Personal data
- Performance of our contract with you
- Legitimate interest (to detect and prevent crime)
Special category data
- Legal claims
- In the substantial public interest
- Compliance with a legal obligation
- Validating claim and insurance policy
 Personal data
- Performance of our contract with you
- Legitimate interest (to detect and prevent crime)
Special category data
- Legal claims
- In the substantial public interest
- Compliance with a legal obligation
Renewal - Contacting the insured / policyholder to renew the insurance policy
 Personal data
- Performance of our contract with you
- Legitimate interest (correspond with you in order to facilitate the placing of the policy and claims)
 - Individual details
- Identification details
- Financial information
- Risk details
 - Credit and anti-fraud
- Current/previous claims
- Health data
- Criminal conviction data
- Other sensitive data
 - Credit reference agencies
- Credit / debit providers
- Banks
- Regulators (Lloyds’/FOS)
- Anti-fraud databases
- Risk evaluation databases (e.g. flood and crime risk data)
- Other databases
- Auditors
- Regulators
- Insurers
- Risk Surveyors
- Brokers
- Reinsurers
- HMRC
- Police
- Courts
- Evaluating the risks to be covered (if changed) and matching to appropriate insurance policy / premium
 Personal data
- Performance of our contract with you
- Legitimate interest (to determine risk profile, appropriate product and premium)
Special category data
- In the substantial public interest
- Compliance with a legal obligation
- Payment of premium where the insured / policyholder is an individual
 Personal data
- Performance of our contract with you
- Legitimate interest (to recover debts)
Special category data
- In the substantial public interest
- Compliance with a legal obligation
Other - Complying with our legal or regulatory obligations
 Personal data
- Legal obligation
Special category data
- In the substantial public interest
- Compliance with a legal obligation
 - Individual details
- Identification details
- Financial information
- Policy information
- Risk details
 - Credit and anti-fraud
- Current/previous claims
- Health data
- Criminal conviction data
- Other sensitive data
 - Intermediary
- Insurers
- Reinsurers
- Regulators (Lloyds’/FOS)
- Anti-fraud databases
- Risk evaluation databases (e.g. flood and crime risk data)
- Other databases
- Auditors
- Risk Surveyors
- Brokers
- General risk modelling and underwriting
 Personal data
- Legitimate interest (to build risk models allowing acceptance of risk with appropriate premium)
Special category data
- In the substantial public interest
- Transferring books of business, company sales & reorganisations
 Personal data
- Legitimate interest (to structure our business appropriately)
- Legal obligation
Special category data
- In the substantial public interest


Please note that in addition to the disclosures we have identified against each purpose, we may also disclose personal data for those purposes to our service providers, contractors, agents and group companies that perform activities relating to your insurance on our behalf.

Please be aware that we may process your personal data on the basis of more than one legal ground depending on the specific purpose for which we are using your personal data. Please contact our data protection contact if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table above.




IDENTITIES OF DATA CONTROLLERS AND DATA PROTECTION CONTACTS

The Insurance Lifecycle involves the sharing of your personal data between insurance market participants, some of which you will not have direct contact with. In addition, your personal data may not have been collected directly by an insurance market participant.

You can find out the identity of the initial data controller of your personal data within the Insurance Lifecycle in the following ways:
  • Where you took out the insurance policy yourself
    • The insurer/underwriter and, if purchased through an intermediary, the intermediary will be the initial data controller and their data protection contact can advise you on the identities of other insurance market participants that they have passed your personal data to.
  • Where your employer or another organisation took out the insurance policy for your benefit
    • You should contact your employer or the organisation that took out the insurance policy. Your employer or other organisation should provide you with details of the insurer/underwriter or intermediary that they provided your personal data to. You should then contact the insurer’s/underwriter’s data protection contact who can advise you on the identities of other insurance market participants that they have passed your personal data to.
  • Where you are not a policyholder or an insured
    • You should contact the organisation that collected your personal data who should provide you with details of the relevant insurance market participant’s data protection contact.





CONSENT TO PROCESS YOUR PERSONAL DATA

In order to provide insurance and deal with insurance claims, insurance market participants may need to process your special categories ofpersonal data, such as medical and criminal conviction records, as set out above against the relevant purpose.

Your consent to this processing may be necessary for the insurance market participants to achieve this.

You may withdraw your consent to such processing at any time. However, if you withdraw your consent this will impact our ability to provide insurance or deal with claims.




MARKETING

Marketing communications from us

We may use your individual details and policy information to evaluate the products and services which we think will be of interest and relevant to you.

Unless you have told us not to, you may receive marketing communications from us if you have requested information from us or purchased services from us. Such marketing communications may include risk or insurance related information or details of products or services which we think, may be of interest to you.

Third party marketing

We will not share your personal data with any third party for their own marketing purposes without your express permission.

Opting out

You can ask us or third parties to stop sending you marketing communications at any time by contacting our data protection contact at data@folgateltd.com.




PROFILING AND AUTOMATIC DECISION MAKING

When calculating an insurance premium, we and other insurance market participants may compare your personal data against industry averages. Your personal data may also be used to create the industry averages going forward. This is known as profiling and is used to ensure the premium charged reflects the risk presented.

Profiling may also be used to assess information you provide to understand fraud patterns.

Where special categories of personal data are relevant, such as medical history for life insurance or past motoring convictions for motor insurance, your special categories of personal data may also be used for profiling.

We might make some decisions based on profiling and without staff intervention (known as automatic decision making). We will provide details of any automated decision making upon request including:
  • where we use such automated decision making
  • the logic involved
  • the consequences of the automated decision making
  • any facility for you to haver the logic explained to you and submit further information so the decision may be reconsidered




RETENTION OF YOUR PERSONAL DATA

We will keep your personal data including aggregated data for so long as is necessary and for our legitimate business interests (e.g. risk modelling and underwriting). In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under this insurance, or where we are required to retain your personal data due to legal or regulatory reasons.




INTERNATIONAL TRANSFERS

We may need to transfer your personal data to insurance market participants or their affiliates or sub-contractors which are located outside of the European Economic Area (EEA). Those transfers would always be made in compliance with the GDPR.

If you would like further details of how your personal data would be protected if transferred outside of the EEA, please contact the data protection contact of the relevant insurance market participant.




YOUR RIGHTS AND CONTACT DETAILS OF THE ICO

If you have any questions in relation to our use of your personal data, you should first contact the data protection contact of the relevant insurance market participant. Under certain conditions, you may have the right to require us to:
  • provide you with further details on the use we make of your personal data including special categories of data;
  • provide you with a copy of the personal data including special category data that you have provided to us;
  • update any inaccuracies in the personal data including special category data we hold;
  • delete any personal data including special category data that we no longer have a lawful ground to use;
  • where processing is based on consent, to withdraw your consent so that we stop that particular processing;
  • object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
  • restrict how we use your personal data whilst a complaint is being investigated.
In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest e.g. the detection and prevention of crime andour interests e.g. the maintenance of legal privilege.




YOUR RIGHT TO COMPLAIN TO THE ICO

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights above, or if you think we have breached the GDPR then you have the right to complain to the ICO.

Please see below contact details of the ICO:

England Scotland Wales Northern Ireland
Information Commissioners Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF

T: 0303 123 1113
T: 01625 545 745

E: casework@ico.org.uk
Information Commissioners Office,
45 Melville Street,
Edinburgh,
EH3 7HL

T: 0131 244 9001

E: scotland@ico.org.uk
Information Commissioners Office,
2nd Floor,
Churchill House,
Churchill Way,
Cardiff,
CF10 2HH

T: 02920 678 400

E: wales@ico.org.uk
Information Commissioners Office,
3rd Floor,
14 Cromac Place,
Belfast,
BT7 2JB

T: 0303 123 1114
T: 02890 278 757

E: ni@ico.org.uk


COOKIE POLICY

The website uses cookies, which are text files placed on your computer. Some of these are essential to the site's operation while others analyse how visitors use the site. These cookies are set by default but you can disable them in your internet browser. Owing to the global nature of the Internet infrastructure, the information you provide may be transferred in transit to countries outside the European Economic Area that do not have similar protections in place regarding your data and its use as set out in this policy. However, we have taken the steps outlined in this privacy policy to try to improve the security of your information. By submitting your information you consent to these transfers and to the use of that information as set out in this policy. To contact the data controller (see CONTACT DETAILS).
Folgate Underwriting Agency Ltd
© Folgate Underwriting is a trading name of Folgate Underwriting Agency Ltd registered in England and Wales No. 2852425.
Authorised and regulated by the Financial Conduct Authority (FCA) under reference number 304782. Registered Address: 80 Leadenhall Street, London, EC3A 3DH.