This Privacy Notice relates to our use of any personal information held by Thomas Smith Insurance Brokers Limited having company registration number C40721 and its registered office at 2, Triq Ġużeppi Ellul, Luqa, Malta as data controllers. Within the context of this Notice, “TSIB” means Thomas Smith Insurance Brokers Ltd and/or any of its affiliates, subsidiaries or associated entities. For information concerning TSIB please visit https://www.tcsinsurancebrokers.com.
The privacy and security of your personal information is important to us. We want to assure you that your information will be properly managed and protected whilst in our hands. It continues to apply even if your agreement for the provision of insurance services with us ends and should be read in conjunction with the terms and conditions of your policy. Any consents and authorisations that were provided by you in relation to your information shall continue to apply in full force and effect, to the extent permissible by applicable law.
Our services consist primarily of risk consulting and insurance broking, which enable the consideration of, access to, administration of and making of claims on insurance. To arrange insurance cover and handle insurance claims, we, along with other stakeholders in the insurance industry, are required to use and share personal data. During the insurance lifecycle we will receive personal data relating to potential or actual policyholders, beneficiaries under a policy, their family members, claimants and other parties involved in a claim. Therefore, the term “you” or “your” includes any living person from the preceding list, whose personal data we may receive in connection with the services we provide under our engagements with our clients. This Notice sets out our use of any personal information and the disclosures we make to other insurance market participants and other third parties. We collect data through various means, such as email, telephone, in person or other third-party sources. We also collect from you via online services such as any Thomas Smith Group website that links to this Notice (“Websites”), social media or TSIB content on other websites, mobile device and similar applications (“Apps”).
Data Protection Legislation
The data protection legislation in Malta is the Data Protection Act Chapter 586, “DPA”, and implements Regulation 2016/679 of the European Union on the protection of personal data, “GDPR”, This Act repeals European Directive 95/46/EC from 25th May 2018.
The information we collect and how we collect it
We may receive personal information about you when you contact TSIB, for example by doing any of the following:
- Requesting or obtaining a quote for a service or an insurance product from us
- Using the Website and Apps
- Entering TSIB competitions
- Telephoning, texting, writing by post or email, or communicating via online channels, to TSIB or when you visit our offices or when we visit you
- Making a claim
This information may include:
- Individual details – name, address (and proof of address), other contact details including email and telephone details, gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant.
- Identification details – identification numbers issued by government bodies or agencies such as social security or national insurance number, passport number, ID number, tax identification number, driver’s license number.
- Financial information – payment card number, bank account number and account details, income and other financial information.
- Insured risk – information about the insured risk, which contains personal information and may include, only to the extent relevant to the risk bring insured:
- Health Data – current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits such as smoking or consumption of alcohol, prescription information, medical history;
- Criminal Records Data – criminal convictions, regarding relevant driving offences for assessing motor insurance risks; and
- Other Special Categories of Personal Data – racial or ethnic, genetic data, biometric data.
- Policy information – information about the quotes you receive and the policies you obtain.
- Credit and anti-fraud data – credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.
- Previous claims – information about previous claims, which may include health data, criminal records data and other Special Categories of Personal Data (as described in the Insured risk definition above).
- Current claims – information about current claims, which may include health data, criminal records data and other Special Categories of Personal Data (as described in the Insured risk definition above).
- Marketing data – if you have consented to receive marketing from us.
- Website and communication usage – details of your visits to our Websites and information collected through cookies and other tracking technologies, included, but not limited to, your IP address, and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
Personal data does not include data where the identity has been removed (anonymous data).
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered such in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
Information from other sources
Information we collect could be either supplied by you or a person you have appointed to supply us with this information. We can also generate information about you for example cookies or similar technologies used to recognise you and remember your preferences. Information can also be collected from other sources such as due diligence and sanctions checks or fraud prevention platforms as well as publicly available sources of information.
Information may at times be provided to us by insurers or an insurance intermediary or from other parties involved in your insurance policy or claim such as your employer where your insurance policy is being purchased through or by them.
To ensure we have the necessary facts to assess your insurance risk, verify your identity, to help prevent, detect and suppress fraud and to provide you with our best premium options, we may obtain information relating to you from third parties at quotation inception and renewal and in certain circumstances where policy amendments are requested or at claims stage.
We may obtain information about you from medical professionals. We will seek your permission to contact these people for your information.
We may obtain information about you from third party suppliers and third-party databases, such as other insurers or insurance intermediaries or fraud prevention databases to detect, suppress and prevent fraudulent activity.
Personal information about others
We may collect information about other members of your household or family or individuals to be covered under a policy, for example, family members who may drive your car or persons who may be included on a travel or health insurance policy or who may be beneficiaries under any policy.
If you give us information about another person, it is your responsibility to ensure and confirm that:
- you have told the individual who TSIB is and how we use personal information, as set out in this Privacy Notice;
- you have permission from the individual to provide that personal information to us and for us to process it, as set out in this Privacy Notice; and
- to make them aware of any terms and conditions contained in the relevant insurance policy.
How we use your personal information
The personal data you provide will be used by us for the administration of quotes and policies, including to:
- improve your experience by reducing the number of questions we need to ask you;
- assess your application for a product, service or quote;
- understand your risk so as to offer you the best options;
- verify your identity and carry out anti-fraud checks;
- provide you with premium options;
- administer your policy including updating you on and delivering our services;
- handle claims; and
- deal with complaints.
We may use the data for insurance underwriting purposes, that is to examine the potential risk in relation to your (and/or a third party’s) prospective policy so that we can:
- Take decisions about the provision and administration of insurance and related services for you (and other persons covered); and
- Validate your (or any person or property likely to be involved in the policy or claim) claims history (at any time including upon application for insurance, in the event of an accident or a claim, or at a time of renewal).
We will also use the data for compliance with legal and contractual obligations and responsibilities, for managing claims when we may need to disclose information with any other party involved in that claim (for example third party, their insurer, legal advisor or representatives, medical experts, the police or other investigators as well as reinsurers) and for managing complaints when if you make a complaint about the service we have provided you, we may be obliged to forward details about your complaints, including your personal information, to the Arbiter for Financial Services.
Information collected from your use of our Websites or Apps
We collect information through “Cookies” and other similar technologies to remember you when you visit the Websites and Apps and so we can improve your online experience to suit your needs. These help us understand how you and others use our Websites and Apps, view our products and respond to our advertising, so we can tailor direct marketing and enhance our overall product and service offering. This also saves you from re-inputting information when you return to the Websites or Apps.
When you receive direct marketing from us via email, we may use technology such as pixel tags or links to determine your use of and interest in our direct marketing.
When you visit one of our websites or Apps, we may record your device information including hardware and software used, general location, when and how you interact with our websites and Apps. This information is retained and used to note your interest in our Websites and Apps, improve customer use experience, determine pricing and/or offer you available discounts. Sometimes you may be able to sign-in to a TSIB app or service via a third-party service, such as Facebook. Where we use or share information from or with these sources, we will respect any permissions you have set about how you would like your information to be used.
We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms.
Use and Sharing of information
Your information may be used for the insurance purposes described above in this Privacy Notice by TSIB, its associated companies, intermediaries, insurers and by re-insurers.
If you give us information about another person, in doing so you confirm that they have given you permission to provide it to us and for us to be able to process their personal data (including any Special Categories of Personal Data) and also that you have told them who we are and what we will use their data for, as set out in this Privacy Notice.
In assessing your application or at renewal or when issuing an endorsement, the insurer or its intermediaries may undertake checks against publicly available information (such as electoral register, court judgements, or court orders). Similar checks may be made in assessing any claims made.
Information may also be shared with other insurers either directly or via those acting for the insurer (such as loss adjusters, surveyors or investigators) for claims handling purposes.
We may also use your information for research or statistical purposes, including to analyse how people use our Websites, view our products, respond to our advertising and to improve our understanding of what customers need.
We may use your information for training purposes, to improve our services and their delivery, for example by recording telephone calls.
If you request a quote, or purchase a product or service from us, your personal information may be used to communicate with you about your quote, product or service, including improvements we make to the ways you can access your information.
We may disclose your information to third party suppliers or service providers to conduct our business, for example, to help administer your policy, to help us manage and store data, provide data analytics, conduct market research and to communicate with you effectively. This may include online or digital partners we work with, so we, or our online or digital partners on our behalf, can communicate with you through their platforms.
Compliance with laws and regulatory obligations
We may, as a matter of law, and without requiring notice or consent, use your information as:
- permitted and required by law;
- required to comply with a judicial proceeding, court order or legal process; and
- for compliance or regulatory purposes.
Data transfer and consent
Your information may be transferred to insurers in Malta and to intermediaries, insurers, reinsurers or reinsurance brokers outside Malta, including countries outside of the European Economic Area (EEA), for processing, storage, administration or any other use stated in this notice. The purposes and processing associated with any such transfer will comply with all applicable data protection regulations, including the GDPR, and with our obligation to adequately protect and secure your personal information. Where required under applicable laws we will take measures to ensure that personal information handled in other countries will receive at least the same level of protection as it is given in the EEA.
By providing your personal information to TSIB you consent to the transfer of your information as described above.
Your consent to the above may be necessary for us to be able to provide the services requested.
You may withdraw your consent to such processing at any time by contacting our Data Protection Officer by email on email@example.com. However, doing so may prevent us from continuing to provide you the relevant services. In addition, if you withdraw consent to our / an insurer’s or reinsurer’s processing of personal information, including Special Categories of Personal Data, it may not be possible for the insurance cover to continue.
We are committed to protecting the confidentiality and security of the information that you provide to us and we put in place appropriate technical, physical and organisational security measures to protect against any unauthorised access or damage to, or disclosure or loss of, your information.
You should also be aware that communications over the internet, such as e-mails, are not secure unless they have been encrypted. Websites and social media links may contain links to third party websites. These other websites will be subject to their own privacy policies which may differ from this Privacy Notice. You should carefully read the privacy policies of these websites before submitting any personal information.
Managing your marketing preferences
We may use your information to:
- provide you with updates and offers for TSIB’s products and services via marketing tailored to you, whether through online digital services (for example online advertising, social media communications), or by direct marketing (for example phone, e-mail, text, post); and
- identify, tailor and package our products and services, determine pricing and offer discounts that may be of interest to you.
We will always give you the opportunity to ‘opt out’ of direct marketing when you complete a registration with us, request an online quote, purchase a product or service online or receive any email, text or other direct marketing communication.
You can change your marketing preferences at any other time by contacting us on the details given below. If you opt-out of receiving marketing information we may still use your contact details to convey important information regarding an existing policy or claim or for us to comply with our regulatory obligations.
Update your information or change your marketing preferences
Please let us know if your information changes as it is important that the information we hold about you is accurate and up to date.
You can ask us to update or correct your personal information or opt out of TSIB’s use of your information for direct marketing purposes by contacting us using any of the following methods:
to update or correct your personal information – [email protected]
to opt out – firstname.lastname@example.org
Data Protection Officer
Thomas Smith Insurance Brokers Limited
1, War Victims Square
Your rights as a data subject
You have the right to request access to the personal information we hold about you. To do this, simply write to us at the address above. We will take all reasonable steps to confirm your identity before providing you with details of any personal information we may hold about you.
In certain instances, you may withdraw your consent to our processing of your personal information or request that we restrict the processing of your information or erase your information. However, we may continue to process your personal information if we have a legitimate interest or a legal obligation to do so.
Your personal information will be kept for no longer than the following retention periods:
Personal Data in relation to quotations not taken up by data subjects
As a measure to combat insurance fraud.
Personal Data in relation to expired or lapsed insurance contracts
10 years from the closure of all outstanding policy claims or policy expiry whichever comes last. This period will however be of 30 years in regards to liability insurance due to the long-tail nature of such business as experienced by case history.
Due to legal compliance obligations and a legitimate interest of the controller which will be stated by insurer.
As a necessity for the performance of a contract with the data subject.
As a measure to combat insurance fraud.
Personal Data in relation to insurance claims including 3rd party claims data
10 years from the closure of all outstanding policy claims
As a measure to combat insurance fraud.
Due to legal compliance obligations of the controller.
Audit and Tax purposes.
The retention periods indicated above do not relate to personal data which has been anonymised. Such anonymised data may be retained indefinitely.
Changes to this Privacy Notice
We may amend this Privacy Notice from time to time for example, to keep it up to date or to comply with legal requirements. You should regularly check this Privacy Notice for updates. If there will be any significant changes made to the use of your personal information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our Website.