In this Notice, when we refer to “TMK”, “we, us, or our”, we mean the entities set out below in the section Who are we?
This Notice will explain to you how we collect, use and share your personal data for the purpose of operating our business, websites, and managing our relationships with suppliers. It will also inform you of your rights relating to your personal data. If you are a job applicant who has provided your personal data to us for recruitment purposes, please click here for our Candidate Privacy Notice.
If you provide personal data about other persons to us, such as family, friends or other associates, you must seek their permissions and inform them in the first instance and share a copy of this Notice with them.
Who are we?
This Notice covers:
- Tokio Marine Kiln Group Limited and all its UK subsidiaries including:
- Tokio Marine Kiln Insurance Services Limited
- Tokio Marine Kiln Insurance Ltd
- Tokio Marine Kiln Syndicates Limited
- Tokio Marine Kiln Regional Underwriting Limited
- Kiln Pension Guarantee Limited
- Tokio Marine Europe Limited
- Tokio Marine Underwriting Limited
Where services are provided by other subsidiaries of Tokio Marine Kiln Group Limited or other entities in the Tokio Marine group, you should refer to the privacy notices of those companies.
TMK is a data controller in respect of personal data which we receive in connection with the services that we provide to our clients. This means that we are responsible for deciding how we can use your personal data. Our handling of data is consistent with the core necessary personal data uses and disclosures set out in the London Insurance Market Core Uses Information Notice.
What personal data do we collect?
Personal data is any information that relates to a living person and that identifies you either directly from that information or indirectly, by reference to other information that we have access to.
The personal data that we collect, and how we collect it, depends upon how you interact with us.
The personal data that we collect includes:
- Individual Details
Name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, nationality, employer, job title and employment history, educational and technical qualifications, family details and their relationship to you, and your images.
- Identification information
Identification numbers issued by government bodies or agencies (e.g. depending on the country you are in, social security or national insurance number, passport number, identification number, tax number, driver's licence number).
- Financial information
Payment card and bank account details, income and other financial information.
- Risk details
Information about you which we collect in order to assess the risk to be insured and provide a quote. This includes information relating to your health, criminal convictions, or other special categories of personal data. For certain types of policies, this includes telematics data.
- Health information
Current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol), prescription information and medical history.
- Criminal records
Criminal convictions, criminal offences (including driving offences) and related security measures.
- Other sensitive personal data
Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and information concerning an individual's sex life or sexual orientation.
- Policy information
Information about the quotes you receive and policies you take out.
- Credit and anti-fraud data
Credit history and credit score, sanctions and criminal offences information received from various anti-fraud databases relating to you.
- Previous and current claims
Information about previous and current claims, (including other unrelated insurances), which may include information relating to your health, criminal convictions, or other special categories of personal data and in some cases, surveillance reports.
- Marketing information
Your individual details and marketing preferences. Where we rely on consent as a basis for collecting and using your personal data, we will also keep records of whether or not you have consented to receive marketing from us and/or from third parties.
- Website and communication usage
Details of your visits to our websites and information collected through cookies and other tracking technologies, including your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access. For information about how we use cookies and the choices you may have, please see the cookies policies which are available on our websites that your visit.
- CCTV images
Your images are captured by CCTV cameras operated by us. No voice is recorded by our CCTV system.
Who do we obtain your personal data from?
We collect personal data from various sources, including:
- you
- your family members, representative, employer or trade or professional associations
- other insurance market participants, such as insurance intermediaries (e.g. introducers, brokers, agents and coverholders), insurers and reinsurers
- credit reference agencies
- anti-fraud databases, sanction lists, court judgements and other databases
- government agencies such as vehicle registration authorities and tax authorities
- publicly available information including the open electoral register
- in the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, legal advisors, and claims handlers
- suppliers providing products and services to us
How do we obtain your personal data?
We collect personal data in the course of our business including:
- When you request a service from us
For example, if you ask us to obtain insurance quotes, or if you contact us to make an enquiry about a product or a service that we provide.
- Providing a service/ product to our clients
Our services and products include insurance products and services (including underwriting, coverholder services and insurance administration). In these cases, your personal data will normally be provided to us by our clients (or intermediaries acting on behalf of our clients), or sometimes our clients may ask us to contact you directly. We will also obtain information from other third parties (see ).
- When you use our website or one of our online services
We collect information about your visit and how you interact with our website. We use various technologies to collect and store information when you visit our websites. For information about how we use cookies and the choices you may have, please see our cookies policies available on our websites that you visit.
- When you sign up to attend or attend one of our events
We will ask you to provide your personal data and those of your guest, including meal preferences.
- When you visit our business premises
We collect information that we need in order to identify you and complete necessary security checks. We also collect your images on our CCTV cameras which are installed at the entrances and exits of our premises and within our premises.
- When we engage or are proposing to engage the services or purchase products from a supplier
We collect information necessary to administer our relationship with a supplier including review of our supplier’s capabilities and qualifications, communicate with our suppliers or proposed suppliers, make payments and recover money owed to us, and perform any ongoing monitoring and investigations where required.
- Whenever you contact us or engage us on social media
We retain a copy of your email or other correspondence as a record of your communication with us. This will include occasions when you contact us for a general enquiry, a complaint or to exercise your rights in relation to your personal data.
- Merger or acquisition
If we are in a process of merger, acquisition or asset transaction, we may acquire your personal data from the involved third party.
What does TMK use your personal data for and what is our legal basis for the use?
Under data protection laws we need a reason to collect and use your personal data and this is called a legal basis. We have set out below our purposes for processing your personal data and our legal basis for doing so.
Purposes for processing personal data |
Legal basis |
Providing a service/ product to our clients |
|
Quotation/ inception
|
|
Policy administration
|
|
Claims processing
|
|
Renewals
|
|
Support and other business activities
|
|
Other business purposes |
|
Conducting data analytics
|
|
Contacting and marketing to our clients and prospective clients
|
|
Conducting surveys and other evaluations
|
|
Websites |
|
Operation and use of our websites
|
|
Legal, compliance and corporate governance |
|
|
|
|
|
|
|
|
|
Securing and protecting our business |
|
|
|
Use of CCTV |
|
|
|
Sensitive personal data
Sensitive personal data refers to health information, criminal records and other sensitive personal data. See the section above under What personal data do we collect?
If we use certain sensitive personal data, data protection laws require that we must have an additional legal basis.
The additional legal basis that we rely on for processing sensitive personal data is that it is necessary for an insurance purpose and for reasons of substantial public interest, and to protect, investigate and defend legal claims.
Who do we share your personal data with?
We share personal data (except for CCTV images) within and outside the Tokio Marine group of companies. These persons may act as data controllers or data processors of your personal data. A data controller is responsible for deciding how to use your personal data, while a data processor only processes your personal data on behalf of a controller that it provides services to.
We will not generally disclose your CCTV images to anyone outside of TMK except where a right of access is exercised by you or where we are asked to make the disclosures to law enforcement agencies, to comply with any law, regulation or court order or to protect our property or the rights of persons who have been injured, attacked or had property damaged or stolen.
Other companies
We may disclose your personal data to or share it with:
- The relevant insurance market participants and other companies
The insurance lifecycle involves the sharing of your personal data between the various insurance market participants and other companies.
We may disclose your personal data to our insurance partners and other companies such as brokers, other insurers, reinsurers, coverholders and companies who act as insurance intermediaries. These insurance market participants and other companies would usually operate as independent data controllers of personal data, and are responsible for their own compliance with data protection laws. You should refer to their privacy notices for more information about their practices.
We may disclose your personal data to companies who process your personal data on our behalf, such as those who are involved in risk assessment, handling, investigation, defence or prosecution of claims, administration of insurance policies, loss adjustment and information providers such as screening, due diligence and anti-fraud databases.
- Other authorised service providers
We may disclose your personal data to service providers we have retained to provide services to us.
Service providers such as banks, financial organisations and advisers, auditors, lawyers and tax advisers are independent data controllers of personal data which they receive from us.
Other service providers such as our marketing agencies, document management providers and IT service providers who manage our IT and back office systems are data processors and process on our behalf, those personal data which they receive from us.
Within the Tokio Marine group of companies
We are part of the Tokio Marine Holdings, Inc. group of companies and other entities operating throughout the world. Your personal data is shared with our group entities for the purposes of providing services between our group entities, for our general business administration, reporting or regulatory/ compliance purposes. Our group entities may either act as data controllers or data processors of personal data.
Legal and regulatory obligations
We will make disclosures in order to meet our legal and regulatory obligations to law enforcement agencies, government and regulatory bodies such as the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner’s Office and other regulators as required by law, who act as independent data controllers of the personal data.
We may make disclosures of your personal data for the purposes of legal proceedings, obtaining legal advice and complying with our obligations under the data protection and other laws.
Mergers and acquisitions
We may disclose your personal data in connection with the sale, transfer or disposal of our business to third parties who act as independent data controllers of the personal data.
How long will TMK retain your data
We will retain your personal data in accordance with our Data Retention Schedule for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. Our retention periods for personal data are determined based on our business needs and legal requirements. For example, we retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. Please note that personal data that has been deleted from our systems may persist in our backups, but will not be readily accessible.
CCTV data
We will keep your personal information for approximately one month after the recording was made. After this time the recording stored on the hard drive of our CCTV system will usually be overwritten. However, if we receive an enquiry about a particular recording on our CCTV, will retain that part of the recording until it is no longer required. This period can vary as it will depend upon the circumstances of the particular case, but for criminal or civil legal proceedings this could mean that the personal information is retained until after the legal case and any appeals have been concluded, which may be many years after. As soon as it is no longer required we will then delete the personal information.
What are your rights?
Right of access |
You have the right of access to information we hold about or concerning you |
Right of rectification or erasure |
If you feel that any information that we hold about you is inaccurate you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where the information is no longer needed by us, where we are unlawfully processing your personal data, or where our processing of your personal data is based on your consent. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it. Where we have disclosed your personal data to another person, we will shall take all reasonable steps to inform those with whom we have shared your personal data about your request to erase or correct/ rectify the personal data. |
Right to object or restrict processing |
You have a right to object to our processing of your personal data where our processing is based on legitimate interests. This includes the right to object to any direct marketing we may undertake and to any automated decisions based on profiling which we may carry out. You also have a right to request that we restrict processing your personal data while we consider your request to rectify or erase the personal data. Again, there may be circumstances where you object to or ask us to restrict our processing of your personal information but we are legally entitled to refuse that request. |
Right to portability |
You may a right to receive any personal data that you have provided to us in a commonly used, machine readable format in order to transfer it to another data controller. This is called a data portability request and is only available where we process your personal data on the basis of your consent or for the performance of our contract with you. |
Right to withdraw consent |
You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent. |
Right of complaint |
You have a right to lodge a complaint at any time about how we are handling your personal data with the UK’s Information Commissioner’s Office who can be contacted at www.ico.org.uk. However, we hope that before you do so, you will first contact us at dpo@tokiomarinekiln.com to let us know. We wish to assure you that we are committed to working with you to settle any concern or complaint your may have about how we handle your personal data. |
If you would like to find out more about your rights please email us at dpo@tokiomarinekiln.com.
Where will your personal data be processed?
If TMK transfers personal data outside of the UK, we will take measures to ensure all adequate safeguards are in place that matches the EU Data Protection standards, in accordance with legal requirements.
Certain countries outside the European Economic Area (EEA) have been approved by the European Commission as providing equivalent protections as EEA data protection laws. UK data protection laws allow TMK to freely transfer personal data to these countries.
Where recipients are located in countries which do not provide an adequate level of protection from a UK data protection law perspective, we will base the transfer on appropriate safeguards, such as standard data protection clauses adopted by the European Commission or by a supervisory authority, approved codes of conduct or certification mechanisms together with binding and enforceable commitments of the recipient, or derogations.
How does TMK secure your personal data?
The security of your personal data is important to us and we have implemented reasonable physical, technical and administrative security standards to protect personal data from loss, misuse, alteration or destruction.
We protect your personal data against unauthorised access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorised individuals access your personal data, and they receive training about the importance of protecting personal data.
Our service providers and agents who process personal data on our behalf are contractually bound to maintain the confidentiality of personal data and may not use the personal data for any unauthorised purpose.
How can you contact us?
If you have any queries, concerns or complaints or require further information as to how your personal data is processed, or if you wish to the exercise of any of your rights in relation to your personal data, you can contact us by post, or email at:
Data Protection Officer
Tokio Marine Kiln, 20 Fenchurch Street, London EC3M 3BY
dpo@tokiomarinekiln.com
If you are not satisfied with the way in which your personal data has been handled by TMK, you may also complain to the Data Commissioner’s Office at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
T: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
casework@ico.org.uk
How often is this Notice updated?
We regularly review and revise this Notice. We will ensure that the most up to date version is published here. This Notice was last updated on 01/06/2020.