Menu
Empowered Expertise

Privacy

In this Notice, when we refer to “TMK”, “we, us, or our”, we mean the entities set out below in the section Who are we?

This Notice will explain to you how we collect, use and share your personal data for the purpose of operating our business, websites, and managing our relationships with suppliers. It will also inform you of your rights relating to your personal data. If you are a job applicant who has provided your personal data to us for recruitment purposes, please click here for our Candidate Privacy Notice.

If you provide personal data about other persons to us, such as family, friends or other associates, you must seek their permissions and inform them in the first instance and share a copy of this Notice with them.

Who are we?

This Notice covers:

  • Tokio Marine Kiln Group Limited and all its UK subsidiaries including:
  • Tokio Marine Kiln Insurance Services Limited
  • Tokio Marine Kiln Insurance Ltd
  • Tokio Marine Kiln Syndicates Limited
  • Tokio Marine Kiln Regional Underwriting Limited
  • Kiln Pension Guarantee Limited
  • Tokio Marine Europe Limited
  • Tokio Marine Underwriting Limited

Where services are provided by other subsidiaries of Tokio Marine Kiln Group Limited or other entities in the Tokio Marine group, you should refer to the privacy notices of those companies.

TMK is a data controller in respect of personal data which we receive in connection with the services that we provide to our clients. This means that we are responsible for deciding how we can use your personal data. Our handling of data is consistent with the core necessary personal data uses and disclosures set out in the London Insurance Market Core Uses Information Notice.

What personal data do we collect?

Personal data is any information that relates to a living person and that identifies you either directly from that information or indirectly, by reference to other information that we have access to.

The personal data that we collect, and how we collect it, depends upon how you interact with us.

The personal data that we collect includes:

  •          Individual Details

Name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, nationality, employer, job title and employment history, educational and technical qualifications, family details and their relationship to you, and your images.

  •          Identification information

Identification numbers issued by government bodies or agencies (e.g. depending on the country you are in, social security or national insurance number, passport number, identification number, tax number, driver's licence number).

  •          Financial information

Payment card and bank account details, income and other financial information.

  •          Risk details

Information about you which we collect in order to assess the risk to be insured and provide a quote. This includes information relating to your health, criminal convictions, or other special categories of personal data. For certain types of policies, this includes telematics data.

  •          Health information

Current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information and medical history.

  •          Criminal records

Criminal convictions, criminal offences (including driving offences) and related security measures.

  •          Other sensitive personal data

Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and information concerning an individual's sex life or sexual orientation.

  •          Policy information

Information about the quotes you receive and policies you take out.

  •          Credit and anti-fraud data

Credit history and credit score, sanctions and criminal offences information received from various anti-fraud databases relating to you.

  •          Previous and current claims

Information about previous and current claims, (including other unrelated insurances), which may include information relating to your health, criminal convictions, or other special categories of personal data and in some cases, surveillance reports.

  •          Marketing information

Your individual details and marketing preferences. Where we rely on consent as a basis for collecting and using your personal data, we will also keep records of whether or not you have consented to receive marketing from us and/or from third parties.

  •          Website and communication usage

Details of your visits to our websites and information collected through cookies and other tracking technologies, including your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access. For information about how we use cookies and the choices you may have, please see the cookies policies which are available on our websites that your visit.

  •          CCTV images

Your images are captured by CCTV cameras operated by us. No voice is recorded by our CCTV system.

Who do we obtain your personal data from?

We collect personal data from various sources, including:

  • you
  • your family members, representative, employer or trade or professional associations
  • other insurance market participants, such as insurance intermediaries (e.g. introducers, brokers, agents and coverholders), insurers and reinsurers
  • credit reference agencies
  • anti-fraud databases, sanction lists, court judgements and other databases
  • government agencies such as vehicle registration authorities and tax authorities
  • publicly available information including the open electoral register
  • in the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, legal advisors, and claims handlers
  • suppliers providing products and services to us

How do we obtain your personal data?

We collect personal data in the course of our business including:

  •          When you request a service from us

For example, if you ask us to obtain insurance quotes, or if you contact us to make an enquiry about a product or a service that we provide.

  •          Providing a service/ product to our clients

Our services and products include insurance products and services (including underwriting, coverholder services and insurance administration). In these cases, your personal data will normally be provided to us by our clients (or intermediaries acting on behalf of our clients), or sometimes our clients may ask us to contact you directly. We will also obtain information from other third parties (see ).

  •          When you use our website or one of our online services

We collect information about your visit and how you interact with our website. We use various technologies to collect and store information when you visit our websites. For information about how we use cookies and the choices you may have, please see our cookies policies available on our websites that you visit.

  •         When you sign up to attend or attend one of our events

We will ask you to provide your personal data and those of your guest, including meal preferences.

  •         When you visit our business premises

We collect information that we need in order to identify you and complete necessary security checks. We also collect your images on our CCTV cameras which are installed at the entrances and exits of our premises and within our premises.

  •          When we engage or are proposing to engage the services or purchase products from a supplier

We collect information necessary to administer our relationship with a supplier including review of our supplier’s capabilities and qualifications, communicate with our suppliers or proposed suppliers, make payments and recover money owed to us, and perform any ongoing monitoring and investigations where required.

  •          Whenever you contact us or engage us on social media

We retain a copy of your email or other correspondence as a record of your communication with us. This will include occasions when you contact us for a general enquiry, a complaint or to exercise your rights in relation to your personal data.

  •          Merger or acquisition

If we are in a process of merger, acquisition or asset transaction, we may acquire your personal data from the involved third party.

What does TMK use your personal data for and what is our legal basis for the use?

Under data protection laws we need a reason to collect and use your personal data and this is called a legal basis. We have set out below our purposes for processing your personal data and our legal basis for doing so.

Purposes for processing personal data

Legal basis

Providing a service/ product to our clients

 

Quotation/ inception

  • Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks
  • Evaluating the risks to be covered and matching to appropriate policy/ premium
  •  Compliance with legal obligations
  •  Legitimate interests to:
    - ensure that the client is within our acceptable risk profile
    - determine the likely risk profile and appropriate insurance product and premium
  • Performance of our contract with you
  • Assist with the prevention of crime and fraud

Policy administration

  • Client care, including communicating with you and sending you updates
  •  Compliance with legal obligations
  •  Legitimate interests to:
    - correspond with you in order to facilitate the placing of and claims under insurance policie
    - manage client relationships
  • Performance of our contract with you

Claims processing

  •  Managing insurance and reinsurance claims
  •  Defending or prosecuting legal claims
  •  Investigation or prosecuting fraud
  •  Compliance with legal obligations
  •  Legitimate interests to:
    - assess the veracity and quantum of claims
    - defend and make claims
    - assist with the prevention and detection of fraud
  • Performance of our contract with you

Renewals

  • Evaluating the risks to be covered and matching to appropriate policy/ premium
  •  Legitimate interests to:
    - correspond with you in order to facilitate the placing of and claims under insurance policies
  • Performance of our contract with you

Support and other business activities

  • Providing technical, customer service and other support
  • Responding to your queries and requests for information
  • Communicating with you in connection with providing a service/ product to our clients or prospective clients
  • Collecting or refunding payments
  •  Legitimate interests to:
    - provide the relevant support and services
    - conduct the relevant business activities
  • Performance of our contract with you

Other business purposes

 

Conducting data analytics

  • General risk modelling
  • Other data analytics: Our business relies on developing products and services by drawing on our experience from prior engagements.
  • We are not concerned with an analysis of identifiable individuals, and we take steps to ensure that whenever appropriate, personal data is anonymised or pseudonymised.
  •  Legitimate interests to:
    - build risk models that allow accepting of risk with appropriate premiums
  •  Pursue the commercial needs of our business

Contacting and marketing to our clients and prospective clients

  • Sending newsletters and other marketing communications to individual representatives of our corporate clients or prospective clients
  •  Inviting individual representatives of our corporate clients or prospective clients to events (and arrange and administer those events)
  •  Legitimate interests to:
    - Pursue the commercial needs of our business

Conducting surveys and other evaluations

  • E.g. customer satisfaction surveys and other surveys for research and analytical purposes
  •  Legitimate interests to:
    - Use personal data for improvement of our services and products

Websites

 

Operation and use of our websites

  • Better understand how users access and use our services and websites
  • Evaluate and improve our websites, services and business operations, and to develop new features, offerings and services
  • Facilitating your participation in interactive features you may choose to use on our websites and personalising your experience on the websites by presenting content tailored to you
  • Your consent to use your personal data for the purposes
  • Legitimate interests to:
    - ensure and improve the safety, security and performance of our websites
    - provide you with a better experience when visiting our websites

Legal, compliance and corporate governance

 

  • Manage queries, complaints and respond to data subject right requests
  •  Compliance with legal obligations
  •  Legitimate interests to:
    - investigate and respond to queries, complaints and respond to data subject right requests
  • Complying with our legal and regulatory obligations, and law enforcement requests
  •  Compliance with legal obligations
  •  Legitimate interests to:
    - comply with regulatory requirements
    - protect our business
  • Performing financial, tax and accounting audits, audits and assessments of our operations, privacy, security and financial controls, our general business, accounting, record keeping and legal functions
  •  Compliance with legal obligations
  •  Legitimate interest to:
    - understand our business
    - monitor our performance
    - maintain appropriate records
    - protect and secure our systems
    - defend and make legal claims
  • Purposes related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, dissolution or restructuring of all or part of our business
  •  Legitimate interests to:
    - structure our business appropriately

Securing and protecting our business

 
  •  Protecting and securing our business operations, assets, services, network and information and technology resources
  •  Legitimate interests to:
    - protect and secure our business and systems appropriately

Use of CCTV

 
  • To protect the safety of our visitors, employees and contractors, as well as property and information located or stored on the premises
  • To prevent, deter, and if necessary, investigate unauthorised physical access to our premises
  • To prevent, detect and investigate any crime within our premises or threats to the safety of individuals within our premises (e.g. fire, physical assault)
  • The CCTV system is not used for any other purpose, such as to monitor the work of employees or their attendance.
  •  Legitimate interests to:
    - protect the security of our premises

 

Sensitive personal data

Sensitive personal data refers to health information, criminal records and other sensitive personal data. See the section above under What personal data do we collect?

If we use certain sensitive personal data, data protection laws require that we must have an additional legal basis.

The additional legal basis that we rely on for processing sensitive personal data is that it is necessary for an insurance purpose and for reasons of substantial public interest, and to protect, investigate and defend legal claims.

Who do we share your personal data with?

We share personal data (except for CCTV images) within and outside the Tokio Marine group of companies. These persons may act as data controllers or data processors of your personal data. A data controller is responsible for deciding how to use your personal data, while a data processor only processes your personal data on behalf of a controller that it provides services to.

We will not generally disclose your CCTV images to anyone outside of TMK except where a right of access is exercised by you or where we are asked to make the disclosures to law enforcement agencies, to comply with any law, regulation or court order or to protect our property or the rights of persons who have been injured, attacked or had property damaged or stolen.

Other companies

We may disclose your personal data to or share it with:

  •          The relevant insurance market participants and other companies

The insurance lifecycle involves the sharing of your personal data between the various insurance market participants and other companies.

We may disclose your personal data to our insurance partners and other companies such as brokers, other insurers, reinsurers, coverholders and companies who act as insurance intermediaries. These insurance market participants and other companies would usually operate as independent data controllers of personal data, and are responsible for their own compliance with data protection laws. You should refer to their privacy notices for more information about their practices.

We may disclose your personal data to companies who process your personal data on our behalf, such as those who are involved in risk assessment, handling, investigation, defence or prosecution of claims, administration of insurance policies, loss adjustment and information providers such as screening, due diligence and anti-fraud databases.

  •          Other authorised service providers

We may disclose your personal data to service providers we have retained to provide services to us.

Service providers such as banks, financial organisations and advisers, auditors, lawyers and tax advisers are independent data controllers of personal data which they receive from us.

Other service providers such as our marketing agencies, document management providers and IT service providers who manage our IT and back office systems are data processors and process on our behalf, those personal data which they receive from us.

Within the Tokio Marine group of companies

We are part of the Tokio Marine Holdings, Inc. group of companies and other entities operating throughout the world. Your personal data is shared with our group entities for the purposes of providing services between our group entities, for our general business administration, reporting or regulatory/ compliance purposes. Our group entities may either act as data controllers or data processors of personal data. 

Legal and regulatory obligations

We will make disclosures in order to meet our legal and regulatory obligations to law enforcement agencies, government and regulatory bodies such as the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner’s Office and other regulators as required by law, who act as independent data controllers of the personal data.

We may make disclosures of your personal data for the purposes of legal proceedings, obtaining legal advice and complying with our obligations under the data protection and other laws.

Mergers and acquisitions

We may disclose your personal data in connection with the sale, transfer or disposal of our business to third parties who act as independent data controllers of the personal data.

How long will TMK retain your data

We will retain your personal data in accordance with our Data Retention Schedule  for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. Our retention periods for personal data are determined based on our business needs and legal requirements. For example, we retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. Please note that personal data that has been deleted from our systems may persist in our backups, but will not be readily accessible.

CCTV data

We will keep your personal information for approximately one month after the recording was made. After this time the recording stored on the hard drive of our CCTV system will usually be overwritten. However, if we receive an enquiry about a particular recording on our CCTV, will retain that part of the recording until it is no longer required. This period can vary as it will depend upon the circumstances of the particular case, but for criminal or civil legal proceedings this could mean that the personal information is retained until after the legal case and any appeals have been concluded, which may be many years after. As soon as it is no longer required we will then delete the personal information.

What are your rights?

Right of access

You have the right of access to information we hold about or concerning you

Right of rectification or erasure

If you feel that any information that we hold about you is inaccurate you have the right to ask us to correct or rectify it.  You also have a right to ask us to erase information about you where the information is no longer needed by us, where we are unlawfully processing your personal data, or where our processing of your personal data is based on your consent.  Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it. Where we have disclosed your personal data to another person, we will shall take all reasonable steps to inform those with whom we have shared your personal data about your request to erase or correct/ rectify the personal data.

Right to object or restrict processing

You have a right to object to our processing of your personal data where our processing is based on legitimate interests. This includes the right to object to any direct marketing we may undertake and to any automated decisions based on profiling which we may carry out. You also have a right to request that we restrict processing your personal data while we consider your request to rectify or erase the personal data. Again, there may be circumstances where you object to or ask us to restrict our processing of your personal information but we are legally entitled to refuse that request.

Right to portability

You may a right to receive any personal data that you have provided to us in a commonly used, machine readable format in order to transfer it to another data controller. This is called a data portability request and is only available where we process your personal data on the basis of your consent or for the performance of our contract with you.

Right to withdraw consent

You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.  

Right of complaint

You have a right to lodge a complaint at any time about how we are handling your personal data with the UK’s Information Commissioner’s Office who can be contacted at www.ico.org.uk. However, we hope that before you do so, you will first contact us at dpo@tokiomarinekiln.com to let us know. We wish to assure you that we are committed to working with you to settle any concern or complaint your may have about how we handle your personal data. 

 If you would like to find out more about your rights please email us at dpo@tokiomarinekiln.com.

Where will your personal data be processed?

If TMK transfers personal data outside of the UK, we will take measures to ensure all adequate safeguards are in place that matches the EU Data Protection standards, in accordance with legal requirements.

Certain countries outside the European Economic Area (EEA) have been approved by the European Commission as providing equivalent protections as EEA data protection laws. UK data protection laws allow TMK to freely transfer personal data to these countries.

Where recipients are located in countries which do not provide an adequate level of protection from a UK data protection law perspective, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved codes of conduct or certification mechanisms together with binding and enforceable commitments of the recipient, or derogations.

How does TMK secure your personal data?

The security of your personal data is important to us and we have implemented reasonable physical, technical and administrative security standards to protect personal data from loss, misuse, alteration or destruction.

We protect your personal data against unauthorised access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorised individuals access your personal data, and they receive training about the importance of protecting personal data.

Our service providers and agents who process personal data on our behalf are contractually bound to maintain the confidentiality of personal data and may not use the personal data for any unauthorised purpose.

How can you contact us?

If you have any queries, concerns or complaints or require further information as to how your personal data is processed, or if you wish to the exercise of any of your rights in relation to your personal data, you can contact us by post, or email at:

Data Protection Officer
Tokio Marine Kiln, 20 Fenchurch Street, London EC3M 3BY
dpo@tokiomarinekiln.com


If you are not satisfied with the way in which your personal data has been handled by TMK, you may also complain to the Data Commissioner’s Office at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

T: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
    casework@ico.org.uk

How often is this Notice updated?

We regularly review and revise this Notice. We will ensure that the most up to date version is published here. This Notice was last updated on 01/06/2020.