DATA PROTECTION
Vivet Limited trading as Compass Underwriting (“Compass”) regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between Compass and those with whom it carries out business. Compass ensures that it treats personal information lawfully, correctly and securely.
THE PRINCIPLES OF DATA PROTECTION
Compass is fully committed to ensuring the security and protection of the personal information that Compass processes, and to providing a compliant and consistent approach to data protection in accordance with the requirements of applicable data protection law, which stipulate that anyone processing personal data must comply with the following principles of good practice:
Lawfulness, fairness and transparency – personal data shall be processed lawfully, fairly and in a transparent manner.
Purpose limitation – personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimization – personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy – personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Storage limitation – personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality – personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
COMPASS PRINCIPLES OF HANDLING OF PERSONAL DATA
Through appropriate management and the use of strict criteria and controls, Compass:
– fully observes conditions regarding the fair collection and use of personal information;
– meets its legal obligations to specify the purpose for which information is collected and used;
– collects and processes appropriate information only to the extent that is needed to fulfil operational needs or to comply with any legal requirements;
– ensures the quality of information used is correct and up-to-date;
– ensures that personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes;
– takes appropriate technical and organisational security measures to safeguard personal information; and
– ensures that the rights of people about whom the information is held can be fully exercised under the data protection laws.
INFORMATION COMPASS MAY COLLECT ABOUT YOU
Compass may collect and process the following personal data about you:
– information provided to us through enquiry, application or claims forms, including:
– information such as your name, address or contact details;
– sensitive information (e.g. details of any criminal or fraudulent behaviour or medical information) obtained either through you or third parties;
– we may maintain records of any correspondence with you including phone records;
– information we collect through cookies. Please see our cookies policy for further information.
PROCESSING OF YOUR PERSONAL DATA BY COMPASS
Compass processes the personal data as defined below.
Compass is required by data protection laws to have a legitimate reason to process and use your personal data. The main purpose for processing your personal data is for the provision and performance of an insurance contract e.g. reviewing your application, setting you up as a policyholder, administration and maintenance of your insurance policy or in order to process a valid claim.
With regard to ‘Special Category’ data, i.e. sensitive information, we must obtain your consent at the point of collecting your personal data (i.e. when you input your details online or when completing a form) in order to process the data, unless an exemption for insurance purposes is applicable. In some circumstances, if we do not have your consent to process your data, it may impact our ability to issue you with insurance cover or to handle any claims.
Compass may share your personal data with the companies with which it forms a group, but only for the purposes laid out in this privacy policy and we will ensure the security of your personal data.
For employees and candidates:
A. Employees, including trainees
Purposes:
– Performance of employment contracts.
– Compliance with legal and regulatory obligations (work permits, visas, health insurance, pension plan, regulatory fitness and property verifications).
Lawful Basis:
– Processing is necessary for performance of an employment contract.
– Processing is based on data subject explicit consent.
– Processing is necessary for Compass compliance with the applicable law.
– Processing is necessary for the purpose of carrying out the obligations and exercising the specific rights of a Controller or a data subject in the context of the data subject’s employment.
B. Candidates
Purposes:
– Performance recruitment process and assessment of a candidate.
– Compliance with legal and regulatory obligations.
Lawful Basis:
– Processing is based on data subject consent.
– Processing is necessary for Compass compliance with the applicable law
C. Future employees (candidates who accepted a job offer)
Purposes:
– Performance of the on-boarding process.
– Preparation of employment contract.
– Compliance with legal and regulatory obligations (work permits, visas, health insurance, pension plan, regulatory fitness and property verifications).
Lawful Basis:
– Processing is necessary prior to entering into an employment contract.
– Processing is based on data subject explicit consent.
– Processing is necessary for Compass compliance with the applicable law.
– Processing is necessary for the purpose of carrying out the obligations and exercising the specific rights of a Controller or a data subject in the context of the data subject’s employment.
For other data subjects (third parties working with Compass):
A. Business Partners
Purposes:
– To manage business relationships and contractual relationships.
– To perform all contractual obligations, especially within binders, agency agreements TOBAs.
Lawful Basis:
– Processing is necessary for purpose of legitimate interest pursued by Compass (execution of contracts or contractual obligations, entering into contractual relationships).
– To fulfil all regulatory obligations (compliance verifications relevant to respect of anti-money laundering and sanctions regulations).
B. Policyholders
Purposes:
Lawful Basis:
– To fulfil all regulatory and contractual obligations (compliance verifications relevant to respect of anti-money laundering and sanctions regulations).
– Processing is necessary for purpose of legitimate interest pursued by Compass (execution of contracts or contractual obligations, entering into contractual obligations).
C. Service providers, vendors, consultants, contractors
Purposes:
– To manage contractual and commercial relationships.
– To manage services.
– To manage purchase orders and invoicing.
Lawful Basis:
– Processing is necessary for purpose of legitimate interest pursued by Compass (execution of contracts or contractual obligations, entering into contractual relationships).
Categories of personal data and recipients of those data are as identified in a relevant personal data processing record, which may be communicated to any concerned individual upon request. The personal data processed by Compass is accessible only to persons working within or with Compass organization who need to have access to it in accordance with processing purposes and a lawful basis as defined above.
It may be necessary for Compass to share your personal data with financial and regulatory organisations (e.g. the Financial Ombudsman Service, the Financial Conduct Authority, the Information Commissioner’s Office) or law enforcement agencies (including courts) in order to assist them with enquiries, investigations or proceedings and ensure that Compass is compliant with its regulatory and legal requirements. As a financial services company, Compass is required to have certain processes in place with regard to anti-bribery and corruption, money laundering and fraud. If any criminal offence is detected or suspected, Compass may share data with third parties (e.g. law enforcement agencies, fraud prevention agencies, anti-money laundering agencies) in order to prevent crime or aid investigations if crime is identified. Compass may also access this data as part of our ‘Know Your Client’ procedures to establish who the parties being dealt with are, and when assessing a claim payment in order to prevent criminal offences.
Personal data may be transferred to some third parties, including third parties being located outside the UK. In such case, Compass ensures that the transferred data is adequately protected. For more details regarding protection and safeguard measures put in place by Compass with regard to personal data transfer, please contact the Data Protection Officer of the group of companies which Compass forms part of at dpo@else.co.
Compass retains processed personal data only for the period necessary for Compass to fulfill its legal and regulatory obligations.
DATA SUBJECT RIGHTS
Compass, while processing personal data, observes and respects data subject rights. Any concerned individuals can enforce their data protection rights, by contacting the
Data Protection Officer of the group of companies which Compass forms part of, who can provide the following information:
– type and categories of processed data;
– purpose of the relevant processing;
– recipients to whom the personal data has/will be disclosed;
– duration of the retention of the concerned data;
– source of data (if not collected directly from individual);
– any automated processing of concerned personal data (when applicable).
Any concerned individual has a right to ask for:
– correction and/or completion of their personal data in case of its incompleteness or inaccuracy;
– erasure of its personal data (when applicable);
– restrict the processing of its personal data.
We would like to send you information about our products and services. We would also like to send you information about the products and services of other companies in our group which may be of interest to you. If you have consented to receive marketing, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes or giving your information to other members of the Group. If you no longer wish to be contacted for marketing purposes, please click here.
IMPLEMENTATION
All Compass employees are fully aware of this notice and of their duties and responsibilities under the data protection laws.
All contractors, consultants, partners or other servants or agents of Compass must ensure that they and all of their staff who have access to personal data held or processed for or on behalf of Compass, are aware of this notice and are fully trained in and are aware of their duties and responsibilities under the data protection laws.
Compass has appointed a Data Protection Officer. The implementation of this notice will be led and monitored by the Data Protection Officer.
The Data Protection Officer can be reached at ViVet Limited t/a Compass Underwriting, 35 Ballards Lane, London N3 1XW, England or by email at dpo@else.co.
Should you have any concerns regarding how we process your personal data, then you have the right to report your concern to the Information Commissioner’s Office. For more information, please visit the website of the Information Commissioner’s Officer.
VARIATION OF POLICY
Compass reserves the right to amend this policy from time to time in line with the applicable legislation and Compass business needs.