Data Protection

Update May 2018

Privacy Notice

Data Controllers:

Steamship Mutual Underwriting Association Limited and

Steamship Insurance Management Services Limited (together “Steamship”)

Address: Aquatical House, 39 Bell Lane, London, E1 7LU, UK

Tel: +44 (20) 7247 5490

Fax: +44 (20) 7377 9378

Email: graham.jones@simsl.com 


Data Protection Officer: Graham Jones

Tel: +44 (20) 7650 6534

Email: graham.jones@simsl.com 


This Notice summarises how the Controllers collect, use and disclose personal data, and the rights of data subjects.

Why we collect data

Steamship is involved in the provision of insurance to the shipping industry and uses personal information in a number of ways as set out below.

What data do we collect?

Steamship will collect and process a variety of personal information, which may include the following information regarding a data subject:

 Underwriting

  • identifying information including name, date of birth, address
  • details of current and past employment, qualifications and skills

Claims

  • identifying information including name, date of birth, address, passport, next of kin details
  • details of current and past employment, qualifications and skills
  • current and past claim information, including medical history and details of specific injury or illness
  • financial information such as income or bank account details

Due Diligence

  • identifying information including name, date of birth, address, passport
  • current and past shareholdings and company directorships
  • criminal offences or alleged criminal offences

Who provides such information to us?

Underwriting

  • you, your employer or their agents (such as insurance brokers)
  • public records, financial crime and sanctions screening databases

Claims

  • you or people instructed by you (such as lawyers or medical experts)
  • your employer or their agents (such as insurance brokers)
  • financial crime and sanctions screening databases
  • witnesses, experts (including medical experts), loss adjusters, lawyers and correspondents

Due Diligence

  • you
  • financial crime and sanctions screening databases

For what purpose do we process your information?

Steamship needs to process data to provide insurance and insurance-related services. It also needs to process data to ensure that it is complying with its legal obligations. For example, it needs to take steps to prevent financial crime. Some of the particular purposes for which data is processed are:

Underwriting

  • considering, agreeing and administering insurance cover

Claims

  • considering, managing and defending claims

Other

  • screening for sanctions, financial crime and other legal and regulatory compliance issues
  • investigating fraud and financial crime matters
  • complying with legal or regulatory requirements
  • marketing
  • company reorganisations or business transfers


And on what grounds can we do so?

Underwriting

  • the processing is necessary for Steamship’s legitimate business purposes in considering, agreeing and administering insurance cover

Claims

  • the processing is necessary for Steamship’s legitimate business purposes in considering, managing and defending claims
  • in the case of special category data such as health data, for the establishment, exercise and defence of legal claims

Other

  • the processing is necessary for Steamship’s legitimate business purposes including the prevention of financial crime, and to ensure Steamship’s compliance with legal and regulatory requirements and the compliance of individuals and entities with whom we have a business relationship.


Who will the information be provided to?

As part of the data processing we may on occasion need to provide data to certain 3rd parties who would typically include:

Underwriting

  • external service providers such as banks

Claims

  • correspondents
  • legal advisers
  • courts and tribunals
  • reinsurers
  • regulators, governmental, legal and financial bodies
  • our insureds and their agents                                         

Other

  • regulators, governmental, legal and financial bodies
  • service providers such as those providing screening services and others where there is a business relationship

Some of the above third party recipients may be outside the European Economic Area. We will take steps to satisfy ourselves that any such transfer will be GDPR-compliant.

Depending on the situation this may include:

  • where the recipient / their country has received an adequacy decision from the European Commission
  • via the use of European Commission-approved standard data protection clauses (Article 46 GDPR)
  • where the transfer is necessary for the conclusion or performance of a contract concluded in your interest between Steamship and a third party, such as where the insurance may respond to a claim made by you and the third party is involved in the handling of that claim
  • where the transfer is necessary for the establishment, exercise or defence of legal claims, such as where it is necessary to respond to your claim in a particular jurisdiction
  • necessary to protect your vital interests or those of others in circumstances where the data subject is incapable of giving consent.

Steamship has internal policies and procedures governing data processing, electronic and physical security measures, and data storage and deletion which have been drafted to ensure GDPR compliance.

Steamship will keep data while it is needed on an ongoing basis for one of the processing purposes described above, or as otherwise required to comply with regulatory or legal time limits. Where these criteria do not apply, Steamship’s procedures are designed to ensure personal data is deleted when it is no longer needed for the purpose for which it is processed.


Rights of the data subject

A data subject has various rights under the GDPR. These include:

  • the right to request information on the processing of your data, and access to it
  • the rectification of inaccurate data, or erasure of your data, and the right to be notified when this occurs
  • the right to restrict data processing
  • the right to object to processing, including for profiling or direct marketing purposes
  • the right to data portability – to have your data provided in a structured, commonly used and machine-readable format, and transferred to another data controller without hindrance
  • the right not to be subject to a decision based solely on automated processing
  • the right to lodge a complaint with the UK supervisory authority the Information Commissioner’s Office

These rights are subject to certain conditions under the GDPR. In order to exercise any of these rights, please contact us using the above contact details.

Steamship does not use any automated decision making when processing personal data. 

In certain circumstances, Steamship may use personal data for limited marketing purposes.