Privacy Policy | AEGIS London

Aegis London

Opal Platform Privacy & Cookies Policy

This website (the “Site”) and the Opal Underwriting Platform accessible from it (together, the “Platform”) is owned and operated by AEGIS Managing Agency Limited (“we”, “our”, and “us”).

We are committed to ensuring that your privacy and the privacy of policyholders and related parties is protected. This policy sets out how we use the information we collect through the Platform and how you can tell us if you would prefer us not to use the information, or to limit its use.

The Platform is provided for insurance intermediaries to obtain quotes for insurance products from us on behalf of prospective policyholders and to arrange insurance contracts between us and the policyholder. References in this policy to you and your, are to the retail and wholesale insurance intermediaries (or their employees and
other representatives, as applicable). References to policyholders are to the policyholders or prospective policyholders on behalf of whom you act.

ABOUT US

We are AEGIS Managing Agency Limited, a limited company registered in England under number 03413859 with registered office address at 25 Fenchurch Avenue, London, EC3M 5AD.

AEGIS Managing Agency Limited is part of a group of companies of which AEGIS (Associated Electric & Gas Insurance Services Limited) is the ultimate parent company. AEGIS is a mutual insurance company registered in Bermuda.

AEGIS Managing Agency Limited is the data controller of any personal data you provide to us through the Platform and is subject to applicable data protection laws.

AEGIS Managing Agency Limited acts as the Lloyd’s managing agent for AEGIS Syndicate 1225 and is registered with the UK Information Commissioner’s Office (“ICO”) under registration number Z5328746.

Contacting Us

If you have any questions about this data privacy policy or your information, or to exercise any of your rights as described in this policy or under applicable data protection laws, you can contact the Data Protection Officer at:

Data Protection Officer
AEGIS Managing Agency Limited
25 Fenchurch Avenue
London
EC3M 5AD

By email: [email protected]
By telephone: +44 (0)207 856 7856

THE LONDON INSURANCE MARKET AND PERSONAL DATA

We provide services as an underwriter in the London insurance market across a range of insurance and reinsurance classes of business.

In order for the London insurance market to operate efficiently and effectively, information, including personal data, needs to be shared between different participants in the insurance market.

The London Insurance Market Core Uses Information Notice has been prepared to help explain how we and other participants in the London insurance market process personal data through the insurance lifecycle. This Notice can be found here.

The terms and conditions which govern your use of the Platform require you to include the London Insurance Market Core Uses Information Notice in the privacy information which you communicate to policyholders prior to collecting any personal data from them.

DATA PROTECTION PRINCIPLES

AEGIS London complies with the principles of processing personal data as follows:

Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
Purpose limitation - data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimization - data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy - data must be accurate and, where necessary, kept up to date.
Storage limitation - data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality - data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.

This policy describes the personal information that we collect, and explains how we comply with these principles.

INFORMATION WE MAY COLLECT

Information you give us

You may give us information about you or about a policyholder by registering, filling in forms or requests for information on the Platform or by corresponding with us by phone, email or otherwise.

This includes information you provide when you:
register to use the Platform;
use the services on the Platform;
submit any requests for quotes or make any applications on the Platform;
upload documentation to the Platform;
report a problem that relates to the Platform; and
sign up to receive newsletters or other communications from us.

The types of personal information we may collect from you are as follows:

your contact details;
your bank details;
policyholders’ names, addresses, e-mail addresses, phone numbers and dates of birth;
policyholders’ financial information if required for the policy being applied for;
policyholders’ health information if required for the policy being applied for;
policyholders’ offences, convictions and judgments records if required for the
policy being applied for;
policyholders’ identification and/or credit history if required for the policy being applied for;
policyholders’ insurance history if required for the policy being applied for;
records of correspondence between us;
details of applications you make or transactions you carry out through the Platform; and
other information regarding your preferences.

Information we collect from you

We may also automatically collect, store and use information about your visits to the Platform and about your computer, tablet, mobile or other device through which you access the Platform. This includes the following information:

technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location; and
information about your visit and use of the Platform, including the full Uniform Resource Locators (URL), clickstream to, through and from the Platform (including date and time), pages you viewed and searched for, page response times, download errors, and length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and website navigation and search terms used.

Information collected from other sources

We may collect information about you or about policyholders from other sources, such as commercially available sources.

WHAT WE DO WITH THE INFORMATION

We use the information we collect to:

decide whether to provide you with an insurance quotation for a policyholder;
provide you with an insurance quotation and administer policies which you enter into on behalf of the policyholder;
manage the insurance policy you enter into on behalf of the policyholder, including underwriting, claims handling, payment of premiums and complaints handling;
communicate with you regarding the insurance policy you enter into on behalf of the policyholder;
carry out our obligations arising from any contracts entered into between you and us and/or between a policyholder and us;
provide you and/or the policyholder with the information, products and services that you request from us;
prevent or detect fraud, money-laundering and/or sanctions risks;
comply with our legal and regulatory obligations – for example, our record-keeping obligations; and
manage our own risks including risk modelling, pricing and risk management;

We consider that this use of your personal data and the personal data of policyholders is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

We also use the information we collect to:

administer the Platform including troubleshooting, data analysis, testing, research, statistical and survey purposes;
develop our products, services and systems and to understand our customers’ requirements;
monitor transactions to ensure compliance with procedures;
allow you to participate in any interactive features of the Platform when you choose to do so;
contribute to our efforts to keep the Platform safe and secure;
notify you about changes to our service;
ensure that content from the Platform is presented in the most effective manner for you and for your computer, mobile device or other item of hardware through which you access the Platform;
contact you for market research purposes; and
perform a task carried out in the public interest where using the information is necessary for the performance of such task;

We consider that this use of your personal data and the personal data of policyholders is necessary for the purposes of our legitimate interests in maintaining and administering the Platform and marketing and developing our services.

We may also use aggregate information and statistics for the purpose of monitoring website usage in order to help us develop the website and our services. These statistics will not include information that can be used to identify any individual.

SENSITIVE PERSONAL DATA

We will only use sensitive personal data provided by you and relating to policyholders if it is necessary for:

insurance purposes;
reasons of substantial public interest; and/or
the establishment, exercise or defence of a legal claim.

Examples of “sensitive personal data” are information about an individual’s health, racial or ethnic origin, or philosophical beliefs.

SHARING YOUR INFORMATION WITH THIRD PARTIES

We may share the information we collect with:

any member of our corporate group, including affiliated entities in order to provide the insurance services offered through the Platform;
our agents, business partners, suppliers, consultants and sub-contractors which assist us in running the Platform or in providing the insurance services offered through the Platform, and which are subject to security and confidentiality obligations;
our reinsurers when required to do so contractually, and which are subject to security and confidentiality obligations;
regulators, auditors and dispute resolution bodies when required to do so because of regulatory and/or legal obligations; and
anti-fraud databases or the equivalent/the like.

We may also disclose your or policyholders’ personal information to third parties where there is a legitimate reason to do so including for the following reasons:

in the event that we sell or buy any business or assets, in which case we may disclose such personal information to the prospective seller or buyer of such business or assets;
if all or substantially all of our assets are acquired by a third party, in which case personal information held by it about its customers will be one of the transferred assets;
if we are under a duty to disclose or share such personal information in order to comply with any legal obligation;
to enforce or apply any contract between us or any contract between us and a policyholder or to establish, exercise or defend our rights, or the rights of our customers or others.

SECURITY OF YOUR INFORMATION AND POLICYHOLDER INFORMATION

We use industry standard physical and procedural security measures to protect information from the point of collection to the point of destruction. Hard copy information files are restricted to authorised individuals. We use, as appropriate, encryption, firewalls, access controls, policies and other procedures to protect
information from unauthorised access.

Where appropriate, we use pseudonymisation and / or encryption to protect information.

The transmission of information via the internet is not completely secure. Although we will do our best to protect the information transmitted to us, we cannot guarantee the security of data transmitted via the internet; any transmission is at your own risk. Once we have received your information and/or policyholder information, we use
appropriate procedures and security features to try to prevent unauthorised access.

Where data processing is carried out on our behalf by a third party, we will endeavour to ensure that appropriate security measures are in place including to prevent unauthorised disclosure of personal information.

We have procedures in place to deal with any actual or suspected data security breach. We will notify you and/or any applicable regulator of an actual or suspected data security breach where we are legally required to do so.

INTERNATIONAL TRANSFERS

AEGIS Managing Agency Limited’s offices are in the UK but as part of an international organisation we have other offices of our Group outside the UK. Authorised personnel may access the information you provide in any country in which we operate. Therefore, it may be necessary to transfer your details and/or policyholder details to members of our group located in countries that may not offer equivalent data protection or privacy laws to those in the UK or the EU.

Regardless of where the information is transferred, we shall seek to ensure that it is safe and shall take all steps reasonably necessary to put in place appropriate safeguards with the aim of ensuring that the information is treated securely and in accordance with this policy and applicable law. Details regarding these safeguards can be obtained from our Data Protection Officer whose details are given above.

HOW LONG WE KEEP YOUR INFORMATION AND POLICYHOLDER INFORMATION

Personal information received by us will be retained for as long as necessary to fulfil the purposes described in this policy or for the maximum period of time as required by law, after which time it will be destroyed in a secure manner.

YOUR/POLICYHOLDERS’ RIGHTS

Access to your information and policyholder information and updating the information

You have the right to access information which we hold about you. If you so request, we shall provide you with a copy of your personal information which we are processing (“subject access request”);

You also have the right to receive your personal information in a structured and commonly used format so that it can be transferred to another data controller ("data portability").

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

Policyholders have the same rights described above but in respect of the personal information which we hold about them.

Right to object

You have the right to object at any time to our processing of your personal information for direct marketing purposes. Policyholders have this right but in respect of the personal information which we hold about them.

Where we process your information/policyholders’ information based on our legitimate interests

You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal information which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Policyholders have the same right described above but in respect of the personal information which we hold about them

Your/policyholders’ other rights

You also have the following rights under data protection laws to request that we rectify your personal information which is inaccurate or incomplete.

In certain circumstances, you have the right to:

request the erasure of your personal information erasure (“right to be forgotten”);
restrict the processing of your personal information to processing to which you have given your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of others.

Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.

Policyholders have the same rights described above but in respect of the personal information which we hold about them.

EXERCISING YOUR/POLICYHOLDERS’ RIGHTS

You can exercise any of your rights as described in this policy and under data protection laws by contacting our Data Protection Officer.

Save as provided under applicable data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee (subject to any limits imposed by applicable law) taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.

The above also applies to policyholders’ exercising of any of their rights as described in this policy.

COOKIES

A cookie is a small amount of data which often includes a unique identifier that is sent to your computer or mobile phone (your “device”) from the Platform and is stored on your device’s browser or hard drive.

The cookies we use on the Platform won't collect personally identifiable information about you and we won't disclose information stored in cookies that we place on your device to third parties.

By continuing to use the Platform, you are agreeing to our use of cookies.

If you don't want us to use cookies when you use the Platform, you can set your internet browser not to accept cookies. However, if you block cookies some of the features on the Platform may not function as a result.

You can find more information about how to do manage cookies for all the commonly used internet browsers by visiting www.allaboutcookies.org. This website will also explain how you can delete cookies which are already stored on your device.

We currently set the following cookies on the Platform:

Cookie	Purpose
user-has-accepted-cookies	Set as true to denote that the user has allowed the storage of cookies on their device
Log in (PHPSESSID)	Set up on logging in and used to retain log in information

Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behaviour tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option, and DNT signals are not yet uniform. For this reason, AEGIS London, does not recognise or respond to DNT signals.

LINKS

Our Platform may contain links to other websites for ease of reference. We do not endorse any sites that are linked from our Site and do not assume any responsibility for the content of any such website.

You may not link the homepage or any other parts of the Site or the Platform without out prior written consent.

COMPLAINTS

We hope that our DPO can resolve any query or concern you may have about our use of your information.

You also have the right to complain to the UK Information Commissioner’s Office (https://ico.org.uk/) about our data processing activities in relation to your personal information if you think they infringe applicable data protection laws (ICO helpline on +44 (0)303 123 1113).

UPDATES TO THIS POLICY

We may review and, if appropriate, update this policy from time to time. We will place notice of any such amendments on our Site. Please visit our Site for the most recent version of this policy.

This policy was last reviewed and updated on 11 December 2023.