APOLLO SYNDICATE MANAGEMENT LIMITED PRIVACY NOTICE

1. WHO WE ARE

Apollo Syndicate Management Limited (“Apollo”) is a Lloyd’s Managing Agency. Our managed syndicates underwrite insurance and reinsurance business in the Lloyd’s building in London.

The underwriting process will frequently involve the collection and processing of assureds’ Personal Data. Apollo uses Personal Data primarily in order to evaluate risk, monitor exposures and to manage claims. Further information about how we use your personal data can be found in section 2 below.

The London insurance market is a complex network of insurers, brokers, reinsurers and professional services firms. Your data will often be shared by market participants through the market lifecycle in order for appropriate insurance coverage to be secured and for claims to be managed and settled. Further information about who we share your personal data with can be found in section 5 below.

The contact details of our Head of Compliance are shown below. Please contact the Head of Compliance should you have any queries about how we handle your personal data, or wish to exercise any of your rights, as detailed in section 9 below.

Head of Compliance: Peter Bowden
Address: One Bishopsgate, London, EC2N 3AQ
Tel:  +44 (0)20 3169 1970
Email: peter.bowden@apollounderwriting.com

Further information about how Personal Data is collected and shared in the London Insurance Market (including a glossary of kety insurance terms) can be found in the insurance Market Core Uses Information Notice below.

2. WHY WE COLLECT AND PROCESS YOUR PERSONAL DATA

The purposes that Apollo might use your personal data for are listed below:

Quotation/ Inception:
• Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks
• Evaluating the risks to be covered and matching to appropriate policy/ premium
• Payment of premium where the insured/policyholder is an individual

Policy administration:
• Client care, including communicating with you and sending you updates
• Payments to and from individuals

Claims Processing:
• Managing insurance and reinsurance claims
• Defending or prosecuting legal claims
• Investigation or prosecuting fraud

Renewals:
• Contacting the insured/policyholder to renew the insurance policy
• Evaluating the risks to be covered and matching to appropriate policy/premium
• Payment of premium where the insured/policyholder is an individual

Other purposes outside of the insurance lifecycle but necessary for the provision of insurance throughout the insurance lifecycle period:
• Complying with our legal or regulatory obligations
• Risk and exposure modelling and monitoring
• Transferring books of business, company sales & reorganisations

The lawful basis that we normally rely on for the collection and processing of personal data is that it is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.

Occasionally we may rely on your consent as the lawful basis for processing special categories of personal data, such as medical and criminal convictions records. For this to apply, we must obtain your clear consent for us to process your personal data for a specific purpose.

You may withdraw your consent to such processing at any time. However, if you withdraw your consent this may impact our ability to provide insurance or pay claims.

The full list of the legal grounds that we might rely on for the purpose of processing Personal Data under the UK General Data Protection Regulation (UK GDPR) is shown below:

FOR PROCESSING PERSONAL DATA

Performance of our contract with you
Processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.

Compliance with a legal obligation
Processing is necessary for compliance with a legal obligation to which we are subject.

Protection of vital interests of you or another person
Processing is necessary in order to protect the vital interests of you or of another natural person.

In the public interest
Processing is necessary for the performance of a task carried out in the public interest.

For our legitimate business interests
Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child. These legitimate interests are set out next to each purpose.

FOR PROCESSING SPECIAL CATEGORIES OF PERSONAL DATA

Your explicit consent (optional)
You have given your explicit consent to the processing of those personal data for one or more specified purposes.You are free to withdraw your consent, by contacting our Head of Compliance.

Your explicit consent (necessary)
You have given your explicit consent to the processing of those personal data for one or more specified purposes, where we are unable to procure, provide or administer insurance cover without this consent.You are free to withdraw your consent by contacting our Head of Compliance. However withdrawal of this consent will impact our ability to provide insurance or pay claims.

Protection of vital interests of you or another person, where you are unable to consent
Processing is necessary to protect the vital interests of you or of another natural person where you are physically or legally incapable of giving consent.

For legal claims
Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.

In the substantial public interest
Processing is necessary for reasons of substantial public interest, on the basis of EU or UK law.

For health services
Processing is necessary for the purposes of preventive or occupational medicine, for medical diagnosis, the provision of health or social care or treatment on the basis of EU or UK law or pursuant to contract with a health professional who is under legal or professional obligations of secrecy

3. THE TYPES OF PERSONAL DATA THAT WE COLLECT

In order for us to provide insurance quotes, insurance policies, and/or deal with any claims or complaints, we need to collect and process personal data about you. The types of personal data that are processed may include:

Individual details
Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you

Identification details

Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number and driving licence number

Financial information
Bank account or payment card details, income or other financial information

Risk details
Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data. For certain types of policy, this could also include telematics data

Policy information
Information about the quotes you receive and policies you take out

Credit and anti-fraud data
Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you

Special categories of personal data
Certain categories of personal data which have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation

4. HOW WE OBTAIN YOUR PERSONAL DATA

We collect your personal data from various sources, which may include:

  • You;
  • Your family members, employer or representative;
  • Other insurance market participants;
  • Credit reference agencies;
  • Anti-fraud databases, sanctions lists, court judgements and other databases;
  • Government agencies such as the DVLA and HMRC;
  • Open electoral register; or
  • In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers

Which of the above sources apply will depend on your particular circumstances

5. WHO WE SHARE YOUR PERSONAL DATA WITH

The parties with whom we may share your Personal Data, and the reasons for sharing it, are listed in the table below:

Who the personal data is shared with Reason for sharing your personal data
Affiliates of Apollo Internal administration
Reinsurance brokers Risk sharing
Reinsurers Risk sharing
Co-insurers Risk sharing
Exposure modelling companies Exposure management
London market data management companies Policy administration
Auditors and actuaries Regulatory
Credit reference agencies To obtain credit reports of counterparties
Anti-fraud databases To check bona fides of counterparties
Banks Premium collection
Solicitors / attorneys Claims management
Loss adjusters Claims management
Experts Claims management
Third parties involved in a claims Claims management
Private investigators Claims management
Police / law enforcement agencies Claims management
Courts Company sales / reorganisations
PRA, FCA and other regulator Regulatory

Further information about how Personal Data is collected and shared in the London Insurance Market (including a glossary of key insurance terms) can be found in the insurance Market Core Uses Information Notice below.

6. DETAILS OF TRANSFERS TO THIRD COUNTRY AND SAFEGUARDS

We may need to transfer your data to insurance market participants or their affiliates or sub-contractors which are located outside of the United Kingdom. Those transfers would always be made in compliance with the UKGDPR.

If you would like further details of how your personal data would be protected if transferred outside the United Kingdom, please contact Apollo’s Head of Compliance.

7. HOW LONG WE KEEP YOUR PERSONAL DATA FOR

We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under this insurance, or where we are required to keep your personal data due to legal or regulatory reasons.

8. PROFILING AND AUTOMATED DECISION MAKING

When calculating insurance premiums Apollo may compare your personal data against industry averages. Your personal data may also be used to create the industry averages going forwards. This is known as profiling and is used to ensure premiums reflect risk.

Profiling may also be used by Apollo to assess information you provide to understand fraud patterns. Where special categories of personal data are relevant, such as medical history for life insurance or past motoring convictions for motor insurance, your special categories of personal data may also be used for profiling.

Apollo does not currently make decisions based on profiling and without staff intervention (known as automatic decision making). Should automatic decision making be adopted by Apollo in the future, our Privacy Policy will be updated to reflect:

  • Where we use such automated decision making
  • The logic involved
  • The consequences of the automated decision making
  • Any facility for you to have the logic explained to you and to submit further information so the decision may be reconsidered.

9. YOUR RIGHTS

If you have any questions in relation to our use of your personal data, you should contact Apollo’s Head of Compliance. Under certain conditions, you may have the right to require us to:

  • Provide you with further details on the use we make of your personal data/special category of data;
  • Provide you with a copy of the personal data that you have provided to us;
  • Update any inaccuracies in the personal data we hold;
  • Delete any special category of data/personal data that we no longer have a lawful ground to use;
  • Where processing is based on consent, to withdraw your consent so that we stop that particular processing;
  • Object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
  • Restrict how we use your personal data whilst a complaint is being investigated. In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

10. YOUR RIGHT TO COMPLAIN TO THE INFORMATION COMMISSIONER’S OFFICE (ICO)

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think that we have breached the UK GDPR, then you have the right to complain to the ICO. Please see below for contact details of the ICO.

England
‍Information Commissioner’s Office
Wycliffe House
Water Lane, Wilmslow
Cheshire SK9 5AF
Tel: +44 (0)303 123 1113 (local rate)
or +44 (0)1625 545 745 (national rate)
E-mail: casework@ico.org.uk

Scotland
Information Commissioner’s Office
45 Melville Street
Edinburgh
EH3 7HL
Tel: +44 (0)131 244 9001
E-mail: scotland@ico.org.uk

Wales
Information Commissioner’s Office
2nd floor Churchill House
Churchill Way, Cardiff
CF10 2HH
Tel:+44 (0)29 2067 8400
E-mail: wales@ico.org.uk

Northern Ireland
Information Commissioner’s Office
3rd Floor 14 Cromac Place
Belfast BT7 2JB
Tel: +44 (0)303 123 1114 (local rate) or
+44 (0)28 9027 8757 (national rate)
E-mail: ni@ico.org.uk