https://www.tmhcc.com/en-us/legal/privacy-policy
Effective Date: January 1, 2020
Privacy
Policy
We
take the privacy of our customers seriously and are committed to protecting
your privacy. This policy explains how we collect, use and transfer your
personal data, and your rights in relation to the personal data collected and stored
by us when you use our website or otherwise engage with our services.
This policy sets out the following:
-
What
personal data we collect about you and how;
-
How
the data is used;
-
Our
legal basis for collecting your information;
-
Who
we share your data with;
-
Where
we transfer your information;
-
How
long we retain your information;
-
Your
rights and choices in relation to the data held by us;
-
How
to make a complaint in relation to the data held by us;
-
How
we use cookies on our website; and
-
How
to contact us with any queries in relation to this notice, or the personal
data held by us.
Who
is TMHCC?
Tokio
Marine HCC is a trading name of HCC Insurance Holdings, Inc. and its
subsidiaries worldwide. Please see here for further information: http://www.tokiomarinehd.com/en/group/.
These companies are collectively referred to in this privacy statement as
"TMHCC", "we", "us" or "our".
For
the purposes of European data protection laws, if you are visiting our website
https://www.totaleventinsurance.com/
(our "Website") or
otherwise engaging with our services from the European Economic Area (or
"EEA"), the data controller of your information is TMHCC.
What
is personal data?
In
this privacy policy, references to "personal information" or "personal data"
are references to information that relates to an identified or identifiable
individual. Some examples of personal data are your name, address and
telephone number but it may also include information such as your IP address
and location, in certain jurisdictions.
What
personal data do we collect?
We
collect personal data that you provide to us when you sign up for our services,
such as your contact information and financial information. We may also
collect commercial information based on how you interact with our services,
such as the products or services you've purchased or other Internet or network
activity, such as your Website browsing history or mobile device information.
Below
are some more details on the type of personal data we collect.
INFORMATION THAT IS PROVIDED BY YOU
In
order to provide services to you, we may ask you to provide personal
information. This may include, amongst other things, your name, email
address, postal address, telephone number, gender, date of birth, passport
number, bank account details, credit history and claims history, citizenship
status, marital status depending on the service you are seeking. The personal
information that you are asked to provide, and the reasons why you are asked to
provide it, will be made clear to you at the point at which we ask you for it.
Some
of the information that you provide may be 'Special category' (or 'sensitive') personal
data". Sensitive personal data relates to your
racial or ethnic
origin, political opinions, religious or philosophical beliefs, or trade union
membership, genetic data, biometric data for the purpose of uniquely
identifying a natural person, data concerning health or data concerning a
natural person's sex life or sexual orientation
, and can sometimes be inferred
from other, non-sensitive, information that you have provided.
Information
that we collect on our website
When
you visit our Website, we will seek your consent to collect certain information
from your device. In some countries, including countries in the EEA, this
information may be considered personal information under applicable data
protection laws.
Specifically,
the information we are seeking to collect includes information like your IP
address, device type, unique device identification numbers, browser type, broad
geographic location (e.g. country or city-level location) and other technical
information. We may also collect information about how your device has
interacted with our Website, including the pages accessed and links
clicked.
Collecting
this information enables us to better understand visitors to our Website, where
they come from, and what content on our Website is of interest to them.
We use this information for our internal analytics purposes and to improve the
quality and relevance of our Website to our visitors.
Some
of this information may be collected using cookies and similar tracking
technology, as explained further under the heading "Cookies" below.
Information
that we obtain from third party sources
From
time to time, we may receive personal information about you from third party
sources
but
only where we have checked that these third parties either have your consent or
are otherwise legally permitted or required to disclose your personal
information to us
.
For
example, if you are an individual who is obtaining insurance from us via an
insurance broker, we may obtain data about you from your broker in order to
help us prepare your quote and/or your insurance policy. For information
about how your broker uses and shares your personal data, please refer to the
broker's own privacy statement.
We
may, where we are legally permitted to, also collect personal data from the
following sources in order to provide services to you:
-
Credit
reference agencies;
-
Anti-fraud
and other databases;
-
Government
agencies;
-
Electoral
register;
-
Court
judgments;
-
Sanctions
lists;
-
Family
members; and
-
In
the event of an insurance claim: the other party to the claim, witnesses,
experts, loss adjusters, solicitors and claims handlers.
How
is personal data used?
We
may need to use your personal data in order to carry out the following
activities:
-
To
set you up as a new client (including carrying out 'know your customer'
checks);
-
To
provide you with an insurance quote;
-
To
provide our products and services to you;
-
To
respond to your enquiries;
-
To
accept payments from you;
-
To
communicate with you about your policy;
-
To
renew your policy;
-
To
obtain reinsurance for your policy;
-
To
process insurance and reinsurance claims;
-
For
general insurance administration purposes;
-
To
comply with our legal and regulatory obligations;
-
To
model our risks;
-
To
defend or prosecute legal claims;
-
To
investigate or prosecute fraud;
-
To
respond to your enquiries;
-
When
you sign up for an online account
-
To
secure our network and our Website, debug the Website and repair errors;
-
To
conduct audits related to our interactions with you;
-
To
make our products and services better and to develop new products and
services; and
-
To
send you notices and information regarding our products or services,
including notifying you about special promotions or offers, where we are
legally permitted to do so.
Our
legal basis for collecting your information
Our
legal basis for collecting and using your personal data will depend on the
personal data concerned and the specific context in which we collect it.
We
will normally collect personal data where we need the information to provide
you with our services / perform a contract with you, where the processing is in
our legitimate interests and not overridden by your data protection interests
or fundamental rights and freedoms, or with your consent.
In
some cases, we may use your personal data for a legal obligation, e.g. in order
to complete 'know your customer' and money laundering checks before taking you
on as a new client.
If
we ask you to provide personal information to comply with a legal requirement
or to perform a contract with you, we will make this clear at the relevant time
and advise you whether the provision of your personal information is mandatory
(as well as of the possible consequences if you do not provide your personal
information). You are under no obligation to provide personal data to
us. However, if you should choose to withhold requested data, we may not
be able to provide you with certain services.
Similarly,
if we collect and use your personal information in reliance on our legitimate
interests (or those of any third party), we will make clear to you at the
relevant time what those legitimate interests are.
If
you are a UK resident, we may collect and use your personal information,
including sensitive personal information, on the basis of the insurance
derogation in the UK Data Protection Act 2018.
If
you are an EU resident, we may collect and use your personal information,
including sensitive personal information, on the basis of the substantial
public interest of insurance purposes, as regulated in the General Data
Protection Regulation (GDPR). If you have questions about or need
further information concerning the legal basis on which we collect and use your
personal information, please contact us using the contact details provided
under the "Contact Us" section below.
Who
is your personal data shared with?
We
may disclose your personal information with the following categories of
recipients.
-
To
our group companies, third party service providers and partners who
provide data processing services (for example data hosting and storage
companies, email marketing affiliates, and payment and claims processing
companies) or who otherwise process personal information for purposes that
are described in this Privacy Policy (see "How is personal data used?").
A list of our current group companies is available at
http://www.tokiomarinehd.com/en/group/ and a list of our current service
providers and partners may be available upon request;
-
To
any competent law enforcement body, regulatory, government agency, court
or other third party where we believe disclosure is necessary (i) as a
matter of applicable law or regulation, (ii) to exercise, establish or
defend our legal rights, or (iii) to protect your vital interests or those
of any other person;
-
To
a potential buyer (and its agents and advisers) in connection with any
proposed purchase, merger or acquisition of any part of our business,
provided that we inform the buyer it must use your personal information
only for the purposes disclosed in this privacy policy;
-
to
any other person with your consent to the disclosure.
We
do not sell (or exchange) your personal information for monetary compensation.
If
you are a US resident, from time to time we may share your personal information
with third parties for a third party's own direct benefit and this type of
sharing may be considered a sale under certain applicable laws. For more
information on the type of information we may share in this manner, please contact
us.
International
Transfers
Your
personal data may be transferred to, and processed in, countries other than the
country in which you are resident. These countries may have data
protection laws that are different to the laws of your country.
Specifically,
the servers of HCC Insurance Holdings Inc. are located in the United
States. However, other TMHCC group companies are registered elsewhere,
including in the EEA and operate around the world. This means that when
we collect your information we may process it in any of these countries.
We
have taken appropriate safeguards to require that your personal data will
remain protected in accordance with this privacy policy. These include
implementing the European Commission's Standard Contractual Clauses for
transfers of personal information between our group companies, which require
all group companies to protect personal information they process from the EEA
in accordance with European Union data protection law.
Our
Standard Contractual Clauses can be provided on request. We have
implemented similar appropriate safeguards with our third party service
providers and partners and further details can be provided upon request.
How
long is personal information retained for?
We
will keep your personal data on our records for as long as we have an ongoing
legitimate business need to do so. This includes providing you with a
service you have requested from us or to comply with applicable legal, tax or
accounting requirements. It also includes keeping your data for so long
as there is any possibility that you or we may wish to bring a legal claim
under your insurance contract, or where we are required to keep your data for
legal or regulatory reasons. Please contact us using the contact details
provided under the "Contact Us" section below should you require further
information on our record retention procedures.
We
may also retain your personal data where such retention is necessary in order
to protect your vital interests or the vital interests of another natural
person.
Your
Rights as a Data Subject
You
have the right to opt-out of marketing communications we send you at any
time. You can exercise this right by clicking on the "unsubscribe" or
"opt-out" link in the marketing e-mails we send you or contacting us using the
details provided under the "Marketing" heading below
[email protected]
.
If
you are an EU resident, you will need to opt-in to receive marketing from us.
If you then wish to unsubscribe at any point you can do so by clicking on the
"unsubscribe" or "opt-out" link in the marketing e-mails we send you or
contacting us using the details provided under the "Marketing" heading below.
Similarly,
if we have collected and processed your personal information with your consent,
then you can withdraw your consent at any time. Withdrawing your consent
will not affect the lawfulness of any processing we conducted prior to your
withdrawal, nor will it affect processing of your personal information that was
lawfully collected on grounds other than consent.
You
have the right to complain to a data protection authority about our collection
and use of your personal information. For more information, please
contact your local data protection authority. (Contact details for data
protection authorities in the European Economic Area, Switzerland and certain
non-European countries (including the US and Canada) are available
here
.)
We
respond to all requests we receive from individuals wishing to exercise their
data protection rights in accordance with applicable data protection laws.
You
may exercise any of your rights in relation to your personal data by contacting
us using the details set out in the "Contact us" section at the bottom of this
page.
If
you are resident in the UK or EU,
your principal rights under data
protection law are as follows:
a)
the
right to access;
b)
the
right to rectification;
c)
the
right to erasure;
d)
the
right to restrict processing;
e)
the
right to object to processing;
f)
the
right to data portability;
g)
the
right to complain to a supervisory authority; and
h)
the
right to withdraw consent.
If
you wish to access, correct, update or request deletion of your personal
information, we will ask you to provide us with a copy of any two of the
following documents: Driver's licence; Passport; Birth certificate; Bank
statement (from the last 3 months); or Utility bill (from the last 3 months).
With regards to your right of access, the first access request will be complied
with free of charge, but additional copies may be subject to a reasonable fee.
In addition, you can
object to processing of your personal information, ask us to restrict
processing of your personal information or request portability of your personal
information.
If
we have collected and processed your personal information with your consent,
then you can withdraw your consent at any time. Withdrawing your consent will
not affect the lawfulness of any processing we conducted prior to your
withdrawal, nor will it affect processing of your personal information
conducted in reliance on lawful processing grounds other than consent
.
You
have the right to complain to a data protection authority about our collection
and use of your personal information. For more information, please contact
your local data protection authority. In the table below we have listed the
contact details of the data protection authorities where we have local
branches:
Country
|
Data protection
supervisory authority contact details
|
UK
|
Information
Commissioner's Office
Wycliffe House, Water
Lane, Wilmslow, Cheshire SK9 5AF, UK
Tel: +44 (0) 303 123
1113
Email:
[email protected]
Website:
http://www.ico.org.uk
|
Belgium
|
Autorité de la
protection des données - Gegevensbeschermingsautoriteit (APD-GBA)
Address: Rue de la
Presse 35 - Drukpersstraat 35, 1000 Bruxelles - Brussel
Tel.: +32 2 274 48 00
email:
[email protected]
Website:
https://www.autoriteprotectiondonnees.be/
-
https://www.gegevensbeschermingsautoriteit.be/
|
Germany
|
Die Bundesbeauftragte für den Datenschutz und
die Informationsfreiheit
Address: Husarenstraße 30, 53117 Bonn
Tel.: +49 228 997799 0; +49 228 81995 0
email:
[email protected]
Website:
http://www.bfdi.bund.de/
The local German data protection
authorities' contact details are available
here
.
|
France
|
Commission Nationale de l'Informatique et des
Libertés - CNIL
Address: 3 Place de Fontenoy, TSA 80715 -
75334 Paris, Cedex 07
Tel.: +33 1 53 73 22 22
Website:
http://www.cnil.fr/
|
Spain
|
Agencia Española de Protección de Datos
(AEPD)
Address: C/Jorge Juan, 6, 28001 Madrid
Tel.: +34 91 266 3517
email:
[email protected]
Website:
https://www.aepd.es/
|
Italy
|
Garante per la protezione dei dati personali
Address: Piazza di Monte Citorio, 121, 00186
Roma
Tel.: +39 06 69677 1
email:
[email protected]
Website:
http://www.garanteprivacy.it/
|
Luxembourg
|
Commission Nationale pour la Protection des Données
Address: 1, avenue du Rock'n'Roll, L-4361
Esch-sur-Alzette
Tel.: +352 2610 60 1
email:
[email protected]
Website:
http://www.cnpd.lu/
|
Netherlands
|
Autoriteit Persoonsgegevens
Address: Bezuidenhoutseweg 30, P.O. Box 93374,
2509 AJ Den Haag/The Hague
Tel.: +31 70 888 8500
Website:
https://autoriteitpersoonsgegevens.nl/nl
|
Contact
details for other data protection authorities in the European Economic Area,
Switzerland and certain non-European countries (including the US and Canada)
are available here
.
We
respond to all requests we receive from individuals wishing to exercise their
data protection rights in accordance with applicable data protection laws.
If
you are based in the UK, you may exercise any of your rights in relation to
your personal data by contacting us using the email
[email protected]
you may exercise
any of your rights in relation to your personal data by contacting us using the
email [email protected]
Alternatively
you can use the details set out in the "Contact us" section at the bottom of
this page.
If
you are resident in the US, applicable law may entitle you, upon verifiable
request, to receive disclosures relating to:
-
The
categories and specific pieces of information we have collected;
-
The
categories of sources from which the personal information is collected;
-
The
business or commercial purpose for collecting personal information; and
-
The
categories of third parties with whom we share personal information.
you may exercise
any of your rights in relation to your personal data by contacting us here or by calling
us toll free at 888-688-0775
If
you wish to exercise any of the rights described above, we will ask you to
verify your identity. We generally will not charge to reply to your
request, but we may charge a reasonable fee or refuse your request if the
request is unjustified or excessive.
Automated
decision making
In
some instances, our use of your personal information may result in automated
decisions being taken (including profiling) that legally affect you or
similarly significantly affect you.
Automated
decisions mean that a decision concerning you is made automatically on the
basis of a computer determination (using software algorithms), without our
human review. For example, in certain instances we may use automated
decisions to establish whether we will offer insurance coverage to a
prospective insured. We have implemented measures to safeguard the rights
and interests of individuals whose personal information is subject to automated
decision-making.
When
we make an automated decision about you, you have the right to contest the
decision, to express your point of view, and to require a human review of the
decision.
Marketing
As
mentioned above, we may use your personal data to send you marketing
materials.
If
you are a UK or EU resident, you will need to opt-in to receive marketing from
us. If you then wish to unsubscribe at any point you can do so by clicking on
the "unsubscribe" or "opt-out" link in the marketing e-mails we send you or
contacting us using the details provided under the "Marketing" heading below,
or at
[email protected]
If
you are resident in the US, you do not need to opt-in to receive marketing
materials from us, and you have the right to opt-out of receiving such
communications. If you would like to stop receiving marketing information from
us, please unsubscribe by clicking the "unsubscribe" link in the relevant
marketing email, email us at
[email protected]
or write to us at:
Tokio Marine HCC
Attn: Marketing Department
13403 Northwest Freeway
Houston, TX 77040
Telephone: (713) 690-7300
Security
TMHCC
is committed to keeping our customers' data safe. We have security measures in
place designed to protect against the loss, misuse and alteration of personal
data under our control.
For
example, our security and technology policies are periodically reviewed and
enhanced as necessary and only authorised personnel have access to user
information. We use Secured Socket Layer (SSL) to encrypt financial
information you input before it is sent to us. The servers we use to store
personal data are kept in a secure environment.
Although
we cannot ensure or guarantee that loss, misuse or alteration of data will not
occur, we use our best efforts to prevent this. If you have any concerns that
your TMHCC account or personal data has been put at risk, please contact us.
Cookies
Our
sites use cookies (a small piece of information that is placed on your computer
when you visit certain websites) to distinguish you from other users, to track
your browsing pattern and to build a profile of how you and other users use our
sites. This helps us to provide you with a good experience when you browse any
of our sites and also allows us to improve our sites. If you have an online
account with us, TMHCC also uses cookies to recognize you to pre-fill forms to
save you time. TMHCC does not mandate Cookies for you to access our sites and
you may freely set your browser to reject all Cookies or prompt you to accept
or reject them. Some of the cookies we use are session cookies and only last
until you close your browser, others are persistent cookies which are stored on
your computer for longer. We may collect information through web beacons about
your web browsing activities such as the address of the page you are visiting,
the address of the referrer page you had previously visited, the time you are
viewing the page, your browsing environment and your display settings. We do
this in order to optimize your browsing experience, the use of web-based
services and provide you with relevant information on TMHCC products and
services when you have opted-in to receiving such correspondence. For
further information about TMHCC's use of cookies, see
TMHCC's Cookie Policy
.
Tracking
TMHCC
will not respond to Web browser "do not track" signals. If you would like
additional information about online tracking and various opt-out mechanisms,
please see https://youradchoices.com/
Because
we link to social media sites, and from time to time may include third-party
advertisements, other parties may collect your personally identifiable
information about your online activities over time and across different web
sites when you visit this Site.
Please
note that not all tracking will stop even if you delete cookies.
Children's
data
Our
websites and applications are not directed to children under 16 and we do not
knowingly collect any personal information directly from children under 16. If
you believe that we are processing personal information pertaining to a child
inappropriately, we ask you to contact us using the information provided under
the "Contact Us" section.
Changes
to this Privacy Policy
We
may update this Privacy Policy from time to time in response to changing legal,
technical or business developments. When we update our Privacy Policy, we will
take appropriate measures to inform you, consistent with the significance of
the changes we make. We will obtain your consent to any material Privacy
Policy changes if and where this is required by applicable data protection
laws.
You
can see when this Privacy Policy was last updated by checking the "effective
date" displayed at the top of this Privacy Policy.
Any
changes will be effective only after the effective date of the change and will
not affect any dispute arising prior to the effective date of the change.
Contact
us
If
you have any questions about this Privacy Policy, please contact us using the
following contact details:
For
residents in the UK:
Data Protection Officer
TMHCC
1 Aldgate
London
EC3N 1RE
[email protected]
For
residents in the EU:
Data Protection
Officer
TMHCC- Tokio Marine
Europe SA
33, Rue Sainte Zithe,
L-2763 Luxembourg
[email protected]
For
residents in the US:
Data Protection Officer
TMHCC
1 Aldgate
London
EC3N 1RE
[email protected]
Residents
in the US can also call us toll free at: 888-688-0775