Skip to main content

 

Updated September 2024

Privacy Notice

Data Controllers (together "Steamship"):

Steamship Mutual Underwriting Association Limited ("SMUAL") and
Steamship Insurance Management Services Limited ("SIMSL")
Address: Aquatical House, 39 Bell Lane, London, E1 7LU, UK
Tel: +44 (20) 7247 5490
Fax: +44 (20) 7377 9378

Email: [email protected] 

 

Steamship Mutual Underwriting Association (Europe) Limited ("SMUAE") and
Steamship Insurance Agency (Europe) Limited ("SIAE")
Address: 363, 28 October Avenue, Vashiotis Ikos Center, Limassol 3107, Cyprus
Tel: + (357) 25 268440

SIMSL's EU Representative Data Protection Officer: SIAE

Tel:+ (357) 25 268440

Email: [email protected] 

 

The Steamship Mutual Underwriting Association (Bermuda) Limited ("SMUAB"), 
Steamship Mutual Management (Bermuda) Limited ("SMMB") and 
Hamilton Investment Management Limited ("HIML")
Address: Cumberland House, 6th Floor, One Victoria Street, Hamilton HM 11, Bermuda
Main Line: +1 (315) 537 8710
Alternate Line: +1 (315) 537 8715

Email: [email protected] 

 

Data Protection Officer / Privacy Officer: Graham Jones
Tel: +44 (20) 7650 6534
Email: [email protected] 


This Notice summarises how the Controllers collect, use and disclose personal data, and the rights of data subjects.

Please note that following the UK’s exit from the European Union, UK based entities are now subject to the UK Data Protection Act 2018 (DPA), which retains the European General Data Protection Regulation (GDPR) in English law.

On 28 June 2021 the EU determined that the UK’s data protection regime was ‘adequate’, meaning that personal data can largely continue to flow between the UK and the EU as before.
Bermuda based entities are subject to the Personal Information Protection Act 2016 (PIPA).
 

Why do we collect data?

Steamship is involved in the provision of insurance to the shipping industry and uses personal information in a number of ways as set out below.

What data do we collect?

Steamship will collect and process a variety of personal information, which may include the following information regarding a data subject:

Underwriting

  • identifying information including name, date of birth, address
  • details of current and past employment, qualifications and skills

Claims

  • identifying information including name, date of birth, address, passport, next of kin details
  • details of current and past employment, qualifications and skills
  • current and past claim information, including medical history and details of specific injury or illness
  • financial information such as income or bank account details

Due Diligence

  • identifying information including name, date of birth, address, passport
  • current and past shareholdings and company directorships
  • criminal offences or alleged criminal offences

Who provides such information to us?

If you want to discuss how information is transferred to us including if you wish to put in place standard data protection clauses please contact us.

Underwriting

  • you, your employer or their agents (such as insurance brokers)
  • public records, financial crime and sanctions screening databases

Claims

  • you or people instructed by you (such as lawyers or medical experts)
  • your employer or their agents (such as insurance brokers)
  • financial crime and sanctions screening databases
  • witnesses, experts (including medical experts), loss adjusters, lawyers and correspondents

Due Diligence

  • you
  • financial crime and sanctions screening databases

For what purpose do we process your information?

Steamship needs to process data to provide insurance and insurance-related services. It also needs to process data to ensure that it is complying with its legal obligations. For example, it needs to take steps to prevent financial crime. Some of the particular purposes for which data is processed are:

Underwriting

  • considering, agreeing and administering insurance cover

Claims

  • considering, managing and defending claims

Other

  • screening for sanctions, financial crime and other legal and regulatory compliance issues
  • investigating fraud and financial crime matters
  • complying with legal or regulatory requirements
  • marketing
  • company reorganisations or business transfers


And on what grounds can we do so?

Underwriting

  • the processing is necessary for Steamship’s legitimate business purposes in considering, agreeing and administering insurance cover

Claims

  • the processing is necessary for Steamship’s legitimate business purposes in considering, managing and defending claims
  • in the case of special category data such as health data, for the establishment, exercise and defence of legal claims

Other

  • the processing is necessary for Steamship’s legitimate business purposes including the prevention of financial crime, and to ensure Steamship’s compliance with legal and regulatory requirements and the compliance of individuals and entities with whom we have a business relationship.


Who will the information be provided to?

As part of the data processing we may on occasion need to provide data to certain 3rd parties who would typically include:

Underwriting

  • external service providers such as banks

Claims

  • correspondents
  • legal advisers
  • courts and tribunals
  • reinsurers
  • regulators, governmental, legal and financial bodies
  • our insureds and their agents                                         

Other

  • regulators, governmental, legal and financial bodies
  • service providers such as those providing screening services and others where there is a business relationship

Some of the above third party recipients may be outside the UK, Bermuda or European Economic Area as applicable. We will take steps to satisfy ourselves that any such transfer will be PIPA, GDPR and DPA-compliant.

Depending on the situation this may include:

  • where the recipient / their country has received an adequacy decision from the UK, Privacy Commissioner for Bermuda, or European Commission as applicable
  • via the use of UK, Privacy Commissioner or European Commission-approved standard data protection clauses
  • where the transfer is necessary for the conclusion or performance of a contract concluded in your interest between Steamship and a third party, such as where the insurance may respond to a claim made by you and the third party is involved in the handling of that claim
  • where the transfer is necessary for the establishment, exercise or defence of legal claims, such as where it is necessary to respond to your claim in a particular jurisdiction
  • necessary to protect your vital interests or those of others in circumstances where the data subject is incapable of giving consent.

Steamship has internal policies and procedures governing data processing, electronic and physical security measures, and data storage and deletion which have been drafted to ensure GDPR and PIPA compliance.

Steamship will keep data while it is needed on an ongoing basis for one of the processing purposes described above, or as otherwise required to comply with regulatory or legal time limits. Where these criteria do not apply, Steamship’s procedures are designed to ensure personal data is deleted when it is no longer needed for the purpose for which it is processed.


Rights of the data subject

A data subject has various rights under the GDPR / PIPA. These may include:

  • the right to request information on the processing of your data, and access to it
  • the rectification of inaccurate data, or erasure of your data, and the right to be notified when this occurs
  • the right to restrict data processing
  • the right to object to processing, including for profiling or marketing purposes
  • the right to data portability – to have your data provided in a structured, commonly used and machine-readable format, and transferred to another data controller without hindrance
  • the right not to be subject to a decision based solely on automated processing
  • the right to lodge a complaint with the appropriate supervisory authority such as the Information Commissioner’s Office (UK), the Privacy Commissioner for Bermuda or the Commissioner for the Protection of Personal Data (Cyprus)

These rights are subject to certain conditions. In order to exercise any of these rights, please contact us using the above contact details.

Steamship does not use any automated decision making when processing personal data. 

In certain circumstances, Steamship may use personal data for limited marketing purposes.