Calm before the storm
Privacy Policy, Read below.
Last Updated: 04 October 2022
Tokio Marine HCC (also known as “TMHCC”) takes the privacy of customers and consumers seriously and is committed to protecting their privacy. This Policy explains how we collect, use, and transfer your personal data or information and also describes your rights in relation to the personal data or information collected and stored by us when you use our website or otherwise engage with our products and services (collectively “Services”).
Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements. Please access these specific policies at the bottom of the screen for these specific policies, particularly if you are a customer or consumer of Tokio Marine Europe S.A. (refer to the TME Privacy Policy) or if you are a customer or consumer of TMHCC in the United States (refer to the U.S. Privacy Policy).
We may also offer certain products, programs or services that have unique or additional terms, privacy notices and/or consent forms that explain how TMHCC processes information. For details on any product-specific features, notices or terms, please review the terms for those Services.
This Policy sets out the following:
- What personal data or information we collect about you and how we collect it;
- How the data is used;
- Our legal basis for collecting your personal data or information;
- Who we share your data with;
- Where we transfer your personal data or information;
- How long we retain your personal data or information;
- Your rights and choices in relation to the data held by us;
- How to make a complaint in relation to the data held by us; and
- How to contact us with any queries in relation to this policy, or the personal data or information held by us.
Who is TMHCC?
Tokio Marine HCC (also known as “TMHCC”) is a trading name of HCC Insurance Holdings, Inc.® and TMHCC and its subsidiaries are a member of the Tokio Marine Holdings, Inc. group of companies that provides Services worldwide. Please see here for further information: http://www.tokiomarinehd.com/en/group/.
HCC Insurance Holdings, Inc.® and its subsidiaries are collectively referred to in the Privacy Policy as “TMHCC”, “we”, “us” or “our”.
What Personal Data or Information do we collect?
We collect personal data or information that you provide to us when you sign up for our Services, such as your contact information and financial information. We may also collect information based on how you interact with our Services and/or other Internet or network activity (e.g., your online browsing history or mobile device information). Below are more details on the types of personal data or information we collect.
What Personal Data or Information do we collect when you interact with us online?
PERSONAL DATA PROVIDED BY YOU
In order to provide Services to you, we may ask you to provide personal data or information.
Some of the personal data that you provide may be considered ‘special category’ (also known as ‘sensitive’) data or information. By sensitive data, we mean data relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, and can sometimes be inferred from other, non-sensitive personal data that you have provided. Any special category personal data that you provide will only be collected where it is necessary to enter into and handle your insurance policy which includes any claims made under your policy.
Specifically, the information we may collect includes, amongst other things, your name, email address, postal address, telephone number, gender, date of birth, passport number, bank account details, credit history, claims history, citizenship status, and marital status depending on the service you are seeking and the jurisdiction you are in. The person-related data you are being asked to provide, and the reasons why you are asked to provide it, will be made clear in this policy or at the point at which we ask for such information.
If you create an account, we collect information to set up your account, like a username or password. If you file a claim with us or someone sets one up on your behalf, like your broker, we may collect information necessary to process claims including medical history, health-related information, background checks, claims history and public records of criminal convictions.
PERSONAL DATA OR INFORMATION THAT WE COLLECT WHEN YOU INTERACT WITH US ONLINE
When you interact with us online, we may collect certain information from your device with your prior consent. In some countries, including countries in the United Kingdom (“UK”) and European Economic Area (“EEA”), this information may be considered personal data under applicable data protection laws.
Specifically, the personal data we are seeking to collect with your prior consent includes data like your IP address, device type, unique device identification numbers, browser type, broad geographic location (e.g., country or city-level location) and other technical information. We may also collect data about how your device has interacted with our online services, including the pages accessed and links clicked.
Collecting this data enables us to better understand visitors to our website, where they come from, and what content online is of interest to them. We use this data for internal analytics purposes and to improve the quality and relevance of our online website to our visitors.
Some of this personal data may be collected using cookies and similar tracking technology, as explained in our Cookie Policy, which can be found here.
PERSONAL DATA OR INFORMATION THAT WE OBTAIN FROM THIRD-PARTY SOURCES
From time to time, we may receive your personal data or information from third-party sources but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal data or information to us.
For example, if you are an individual who is obtaining insurance from us via an insurance broker, we may obtain data about you from your broker in order to help us prepare your quote and/or your insurance policy. For information about how your broker uses and shares your personal data or information, please refer to the broker’s own privacy statement.
We may, where we are legally permitted to, also collect personal data or information from the following sources in order to provide Services to you:
- Credit reference agencies;
- Anti-fraud and other databases;
- Government agencies;
- Electoral register;
- Court judgments;
- Sanctions lists;
- Family members; and
- In the event of an insurance claim: the other party to the claim, witnesses, experts, loss adjusters, solicitors and claims handlers.
How is Personal Data or Information used and what are the lawful bases we rely on?
The legal basis on which we rely to collect and process your personal data or information will vary depending on the personal data or information itself, the specific purpose for which we collect it, and the jurisdiction you are in.
Generally, we will collect and use (“process”) your personal data information, including sensitive data, where such processing is necessary for the following:
1. For the performance of a contract with you
In many cases, the processing of your personal data is based on the existence and necessity for the performance of your contract with us or on the necessity to take pre-contractual steps following your request. We will rely on this contractual lawful basis in order to carry out the following activities:
- To set you up as a new client or when you sign up for an online account;
- To provide you with an insurance quote;
- To provide Services to you;
- To accept payments from you;
- To communicate with you about your policy or account;
- To renew your policy;
- To respond to your enquiries;
- To process insurance claims; or
- For general insurance administration purposes.
2.For our legitimate interests
We may have to process your personal data for our legitimate interests (where permitted), for the following purposes:
- To conduct data analysis, which helps us assess, manage and model our risks, price our Services appropriately and improve our Services;
- To defend or prosecute legal claims;
- To investigate or prosecute fraud;
- To obtain reinsurance for your policy;
- To process reinsurance claims;
- To perform audits;
- To develop new Services;
- To secure our network and our website, debug the website and repair errors; or
- To manage our business efficiently.
3. In order for us to comply with our legal obligations
We may also have to process personal data or information in order to comply with our legal and regulatory obligations, such as in the following situations:
- In order to complete ‘know your customer’, sanctions enquiries or money laundering checks before taking you on as a new client;
- in order to establish a contract between you and us;
- in order to develop our business activity;
- in order to manage professional alerts like whistleblowing; or
- in order to apply your rights related to the protection of your data.
4. Where we have your consent
In certain circumstances, we may process data on the basis of your consent. You will always be specifically informed of this when your consent is collected.
5. To protect your vital interests or those of any other person
We may process your personal data on the basis of vital interests but only where it is necessary to protect a life and where you are not physically or legally capable of giving consent.
In addition to the above, based on the jurisdiction of where you are a resident or where your personal data or information is processed, we will comply with all relevant data protection laws.
Please note that you are under no obligation to provide personal data or information to us. However, if you choose to withhold requested data, we may not be able to provide you with Services.
If you have questions about, or need further information concerning, the legal basis on which we collect and use your personal data, please contact us using the contact details provided under the “Contact Us" section below.
Who is your Personal Data or Information shared with?
We may disclose your personal data with the following categories of recipients:
To our group companies, third-party service providers and partners who provide data processing services (for example, data hosting and storage companies, email marketing affiliates, and payment and claims processing companies) or who otherwise process personal data or information for purposes that are described in this Privacy Policy (see (“How is Personal Data or Information used and what are the lawful bases we rely on?);
- To other third parties, such as financial institutions, credit bureaus, insurance producers or other similar entities in connection with our services. We may also share information with select insurers and reinsurers to provide and administer the Services and your policy;
- To any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- To a potential buyer (and its agents and advisers) in connection with any proposed purchase, merger or acquisition of any part of our business, providing them the legal basis we processed your personal data; and/or
- To any other person with your consent to the disclosure.
We do not sell (or transfer) your personal data or information for monetary compensation.
If you are a U.S. resident, from time to time, we may share your personal data or information with third parties for certain purposes that may be considered a sale under certain applicable laws. For more information on the type of data we may share in this manner, please contact us.
International Transfers
Your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Specifically, the servers of HCC Insurance Holdings Inc. are located in the United States. However, other TMHCC group companies are registered elsewhere, including in the EEA and operate around the world. This means that when we collect your personal data, we may process it in any of these countries.
When transferring personal data to other countries we will protect your personal data in accordance with this Privacy Policy, or as otherwise disclosed to you.
We have implemented Standard Contractual Clauses for transfers of personal data between our group companies, which require all group companies to protect personal data they process from the EEA, UK and Switzerland in accordance with EU, UK and Swiss data protection laws (our Standard Contractual Clauses can be provided on request).
We may also transfer personal data to countries for which adequacy decisions have been issued, use contractual protections for the transfer of personal data to third-party service providers and partners, such as the European Commission’s Standard Contractual Clauses or their equivalent under applicable law, or rely on other data transfer mechanisms relevant to your jurisdiction.
You may contact us as specified in the “Contact Us” section below to obtain a copy of the safeguards we use to transfer personal data outside of your jurisdiction.
How long is your Personal Data or Information retained for?
We will keep your personal data or information on our records for as long as we have an ongoing legislative or legitimate business need to do so. This includes providing you with a Service you have requested from us or to comply with applicable legal, tax or accounting requirements. It also includes keeping your data for so long as there is any possibility that you or we may wish to bring a legal claim under your insurance contract, or where we are required to keep your data for legal or regulatory reasons. We may also retain your personal data where such retention is necessary in order to protect your vital interests or the vital interests of another natural person.
If you wish to receive further information regarding our record retention policy and procedures, please contact us using the contact details provided under the “Contact Us" section below.
Your Rights as a Data Subject
Depending upon where you reside or where your personal data or information is processed, you may have some or all of the rights or choices listed below regarding your personal data or information:
a) The right to be clearly informed about the processing of your personal data;
b) The right to access;
c) The right to rectification;
d) The right to erasure;
e) The right to restrict processing;
f) The right to object to processing;
g) The right to data portability;
h) The right to complain to us;
i) The right to complain to a supervisory authority or regulatory agency of competent jurisdiction;
j) The right to withdraw consent;
k) The right to object automated decision-making; and/ or
l) The right to request a list of our current service providers and partners.
If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. If you wish to exercise the rights described above and are entitled to do so, we may ask you to verify your identity. We will not charge to reply to your request, but we may charge a reasonable fee or refuse your request if it is excessive or where additional copies are requested.
We will verify your identity in connection with any of the above requests and take steps to ensure that only you or your authorised representative can exercise your rights with respect to your information. There may be situations where we will be unable to grant or completely fulfil your request. If we are unable to grant your request, we shall provide a written explanation to explain the rationale for our decision and action.
Although the right of access always applies in specific jurisdictions, there are some exemptions, which means you may not always receive all the information we process.
If you wish to complain about how we have handled your personal data or information, your applicable law may require you to resolve the issue with the person you have been dealing with. If you are still not satisfied, contact us using the details set out in the “Contact us” section at the bottom of this page. We will use the information detailed in your complaint to investigate and resolve the issue and to provide feedback to our staff or business areas. Your personal data may be stored and used to assist us to improve our services.
In certain jurisdictions, if we do not resolve your complaint to your satisfaction, you have the right to complain to a data protection authority or regulatory agency of competent jurisdiction about our collection and use of your personal data or information. For more information, please contact your local data protection authority or regulatory agency of competent jurisdiction. In the table below we have listed the contact details of the data protection authorities where we have branches:
UK
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel.: 0303 123 1113
E-Mail: DPO@ico.org.uk
Website: https://ico.org.uk
Luxembourg
Commission Nationale pour la Protection des Données
1, avenue du Rock’n’Roll
L-4361 Esch-sur-Alzette
Tel.: +352 2610 60 1
E-Mail: info@cnpd.lu
Website: http://www.cnpd.lu/
Belgium
Autorité de la protection des données - Gegevensbeschermingsautoriteit (APD-GBA)
Rue de la Presse 35 – Drukpersstraat 35,
1000 Bruxelles – Brussel
Tel.: +32 2 274 48 00
E-Mail: contact@apd-gba.be
Website:https://www.autoriteprotectiondonnees.be/
https://www.gegevensbeschermingsautoriteit.be/
Denmark
Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Tel. +45 33 1932 00
Fax +45 33 19 32 18
E-Mail: dt@datatilsynet.dk
Website: http://www.datatilsynet.dk/
France
Commission Nationale de l'Informatique et des Libertés - CNIL
3 Place de Fontenoy,
TSA 80715 – 75334 Paris, Cedex 07
Tel.: +33 1 53 73 22 22
Website: http://www.cnil.fr/
Germany
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
Tel.: +49 228 997799 0
E-Mail: poststelle@bfdi.bund.de
Website: http://www.bfdi.bund.de/
Ireland
Data Protection Commission
21 Fitzwilliam Square
Dublin 2
D02 RD28
Tel.: +353 76 110 4800
E-Mail: info@dataprotection.ie
Website: http://www.dataprotection.ie/
Italy
Garante per la protezione dei dati personali
Piazza di Monte Citorio
121, 00186 Roma
Tel.: +39 06 69677 1
E-Mail: garante@garanteprivacy.it
Website: http://www.garanteprivacy.it/
Netherlands
Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
P.O. Box 93374
2509 AJ Den Haag/The Hague
Tel.: +31 70 888 8500
Website: https://autoriteitpersoonsgegevens.nl/nl
Norway
Datatilsynet
Tollbugata 3
0152 Oslo
Tel.: +47 22 39 69 00
E-Mail: postkasse@datatilsynet.no
Website: www.datatilsynet.no
Spain
Agencia Española de Protección de Datos (AEPD)
C/Jorge Juan
6, 28001 Madrid
Tel.: +34 91 266 3517
E-Mail: internacional@aepd.es
Website: https://www.aepd.es/
Switzerland
Office of the Federal Data Protection and Information Commissioner FDPIC
Feldeggweg 1
CH - 3003 Berne
Tel.: +41 (0)58 462 43 95
Website: https://www.edoeb.admin.ch/
The U.S. has several regulatory agencies of competent jurisdiction enforcing various federal and state data protection laws. Please contact your state’s attorney general’s office or similar agency. In Canada, please contact the Office of the Privacy Commissioner. In Mexico, contact the National Institute of Transparency Access to Information and Personal Data.
You may otherwise exercise any of your rights in relation to your personal data by contacting us using the details set out in the “Contact us” section at the bottom of this page.
Automated decision making
In some instances, our use of your personal data may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
Automated decision-making is the process of making a decision by automated means without any human involvement on the basis of a computer determination (using software algorithms). For example, in certain instances, we may use automated decisions to establish whether we will offer insurance coverage to a prospective insured. We have implemented measures to safeguard the rights and interests of individuals whose personal data is subject to automated decision-making.
We will only use automated decision-making when it is necessary for the entry into or performance of the contract; or is authorised by applicable domestic law; or is based on your explicit consent.
In certain countries, when we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision.
Marketing
Unless permitted by applicable law, we will not use your personal data or information to send you marketing materials if you have requested not to receive them.
If you request that we stop processing your personal data information for marketing purposes, we shall stop processing your personal data for those purposes. If you wish to unsubscribe at any point you can do so by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by sending an email to ukmarketing@tmhcc.com (worldwide excluding EU and U.S.), marketingeu@tmhcc.com (for EU) or privacypolicy@tmhcc.com (for the U.S.).
Security
TMHCC places great importance on the security of all personal data or information associated with consumers and our customers. We have security measures in place designed to protect against the unauthorized access, acquisition, loss, misuse and alteration of personal data under our control, our security policies are periodically reviewed and enhanced as necessary.
While we cannot ensure or guarantee that our physical, technical and administrative security measures can prevent the unauthorized access, acquisition loss, misuse or alteration of your data will ever occur, we will use reasonable and appropriate measures to prevent this. If you have any concerns that your TMHCC account or personal data information has been put at risk, please contact us.
Children’s data
Our websites and applications are not directed to children under 16, and we do not knowingly collect any personal data directly from children under 16. If you believe that we are processing personal data pertaining to a child inappropriately, we ask you to contact us using the data provided under the “Contact Us” section.
Links to other websites
Our website may include links to third-party websites or social media tools for your convenience and interest. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites or social media tools and are not responsible for their privacy statements. Where you visit any linked websites or social media tools not owned or controlled by TMHCC, we encourage you to review their privacy notices/policies.
Updates to this Privacy Policy
We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.
You can see when this Privacy Policy was last updated by checking the “Last Updated Date” displayed at the top of this Privacy Policy.
Contact us
If you have any questions about this Privacy Policy or want to exercise your rights in relation to your personal data, please contact us using the following contact details.
Residents worldwide (excluding in the EU and U.S.):
Data Protection Officer
TMHCC
1 Aldgate
London
EC3N 1RE
DPO@tmhcc.com
Residents in the EU:
Data Protection Officer
TMHCC-Tokio Marine Europe SA
26, Avenue de la Liberté, L-1930 Luxembourg
DPO-TMELux@tmhcc.com
Residents in the U.S.:
TMHCC Corporate Law and Compliance Office
13403 Northwest Freeway
Houston, TX 77040
888 688 0775
privacypolicy@tmhcc.com