Multi-firm wholesale agency, Lloyd’s Coverholder and registered in Section A of the RUI

Privacy Policy

PRIVACY DISCLAIMER

INDEX

  1. INDEX
  2. INTRODUCTION
  • PURPOSE OF THIS INFORMATION
  • IDENTITY OF THE DATA CONTROLLER AND CONTACT DETAILS
  • PERSONAL DATA WHICH MAY BE SUBJECT TO PROCESSING
  • SOURCES OF PERSONAL DATA
  • HOW WE USE AND DISCLOSE PERSONAL DATA
  • CONSENT
  • PROFILING (AND AUTOMATED DECISION-MAKING PROCEDURES)
  • SECURITY MEASURES
  • LIMITS ON THE COLLECTION AND STORAGE OF PERSONAL DATA
  • CROSS-BORDER TRANSFER OF PERSONAL DATA
  • ACCURACY, RELIABILITY, TRANSPARENCY AND USER RIGHTS
  • QUESTIONS, REQUESTS OR COMPLAINTS
  • CHANGES TO THIS PRIVACY POLICY
  • INSURANCE LIFE CYCLE

INTRODUCTION

Insurance Placement Agency Srl (hereinafter IPA or us), a company subject to the management and control of Special Risks Group Holding Limited (a company incorporated under Irish law), is committed to protecting the privacy and confidentiality of the Personal Data it processes as part of the services provided, even indirectly, to customers.

The services offered by IPA essentially consist of the supply of insurance products, mostly wholesale, risk consultancy and insurance intermediation, as well as the submission of compensation requests as part of these services and generally in the management of insurance relationships.

Insurance is the contract with which a person (called Contractor) insures his own assets (or that of another person who assumes the role of sole Insured) in relation to the consequences of a future and uncertain event, assuming the characteristic of a contract random; the insurance contract includes objective and subjective limits of operation and limitations of the Insurers’ obligation to indemnify.

For this purpose it is necessary that information, including Personal Data of different categories of people, is shared between the various operators in the insurance market during the entire life cycle of the insurance.

The operators of the insurance market are definable as follows:

Contractors : this term refers to individuals who take out insurance to protect their own or third party assets against future and uncertain risks. To purchase an insurance product / stipulate an insurance contract, these individuals can use an Intermediary, contact an Insurer directly or consult a rate comparison website.

Intermediaries : they are the Operators who assist Contractors and Insurers in arranging insurance coverage. They can offer advice and manage compensation claims. Many insurance and reinsurance policies are stipulated through authorized intermediaries.

Insurers (also called Underwriters) o Insurance Companies: provide insurance coverage to Contractors upon payment of a premium within the limits set out in the insurance contract.

Reinsurers : provide insurance coverage to other Insurers or Reinsurers. This type of insurance is called “reinsurance”.

During the pre-contractual phase and subsequently during the life cycle of an insurance, IPA may receive Personal Data relating to current or potential Policyholders, policy beneficiaries, their family members, applicants and other parties involved in an insurance claim. Therefore, in the context of this information, the term “data subjects” refers to any living person included in the previous list in which Personal Data is received by IPA in connection with the services that the company provides in the framework of the commitments undertaken towards its clients. This information defines the criteria according to which IPA uses, stores, transfers and protects the Personal Data and discloses them to other operators in the insurance market and to other third parties.

PURPOSE OF THIS INFORMATION

This information explains IPA’s data processing methods and policies. It applies to all personal data that you provide to us and to all data that we collect from other sources, unless a different, more specific privacy statement is provided to you at the time of data collection.

This information refers to and is valid only for the IPA site and not for other sites that may be consulted via links.

IDENTITY OF THE DATA CONTROLLER AND CONTACT DETAILS

Insurance Placement Agency Srl, Corso di Porta Nuova n. 16 – 20121 Milan, Italy (IPA or us) is the data controller of the Personal Data that it processes in connection with the services provided in the framework of the commitments undertaken towards its customers.

In some cases, IPA and the client may have agreed that in the performance of certain services IPA acts as data controller. In such situations IPA will retain the Personal Data in accordance with what is established between IPA and the customer.

It is specified that each list referred to in this information is illustrative and not exhaustive in nature.

PERSONAL DATA WHICH MAY BE SUBJECT TO PROCESSING

IPA may process the following Personal Data:

Personal Data : name, address, other contact details (e.g. e-mail address and telephone number), gender, marital status, health conditions, family data, date and place of birth, employer, qualification and work history, assets and income data, relationship with the Contractor, insured, beneficiary or applicant.

Identification details : identification numbers issued by government agencies or bodies (for example, depending on the country of residence of the interested party, social or national security number, passport number, identity card number, tax code, driving license number) .

Financial information : payment card number, account number and bank details, income and other financial and asset information.

Insurance Risk : information on the insured risk containing Personal Data which may include, only to the extent relevant to the insured risk:

  • Health data current or previous physical and mental conditions, health status, information on injuries or disabilities, medical treatment received, relevant personal habits (e.g., smoking or drinking alcohol), information on medicines subject to medical prescription, medical history.
  • Criminal records data, criminal convictions, including traffic violations (where applicable pursuant to applicable legislation); And
  • other particular categories of Personal Data data that reveal ethnic or racial origin, political opinions, philosophical or religious beliefs and membership of trade unions, genetic and biometric data, data relating to the life or sexual orientation of the interested party.
  • Information on the policy information on the quotes received and, on the policies, taken out by the interested party.
  • Data relating to credit and previous fraud relating to loans and creditworthiness (information on fraud convictions, alleged criminal offenses and details of sanctions incurred from various anti-fraud databases and sanctioning databases or from regulatory agencies and/or authorities law enforcement officers).
  • Previous claims information about previous claims, which may include health data, criminal records data and other special categories of Personal Data (as defined in the insured risk paragraph).
  • Ongoing claims information on ongoing claims, which may include health data, criminal record data and other special categories of Personal Data (as defined in the insured risk paragraph).
  • Knowledge of circumstances suitable for giving rise to a request for compensation information on elements and factual data from which, according to normal experience and with regard to the type of risk and the profile of the Insured, a person of normal prudence may fear being subjected to a request for compensation.
  • Marketing data information relating to the data subject’s express or denied consent to receive marketing communications from us and third parties.

When the aforementioned information comes directly from interested parties, IPA takes care to inform you of the need to obtain such information and the consequences that could arise from the decision not to provide it in the appropriate form.

SOURCES OF PERSONAL DATA

Personal Data is collected from various sources, varying depending on the nature of the services and the purpose of collection. Sources may be the following (depending on the country of residence of the interested party).

  • interested parties and members of their household, websites, telephone or written correspondence;
  • employers of the interested parties;
  • in the event of a compensation claim, third parties including the other party involved in the accident (claimant/defendant), witnesses, experts (including medical examiners), experts, lawyers and claims handlers;
  • other operators in the insurance market, such as insurers, reinsurers and other intermediaries;
  • credit rating agencies (where credit risk has been assumed);
  • anti-fraud databases and other third-party databases, such as lists of sanctioning proceedings;
  • government agencies, such as vehicle registration offices and tax authorities;
  • compensation claim forms.
  • In some cases, some data and information are collected automatically through navigation on the site and/or through e-mails that could be exchanged. Automated technologies may include the use of web server logs to collect
  • IP addresses, cookies and web beacons. Further information on our use of cookies can be found in our cookie policy, available on the site and in the cookie preferences center.

    If by chance data of third parties are also provided (for example information on spouse, partner, children, dependents, emergency contacts) this information must be provided in advance to these people; IPA reserves the right to ask these third parties for explicit consent.

    HOW PERSONAL DATA IS USED AND DISCLOSED

    This section defines the purposes for which Personal Data is used, illustrates how the information collected is shared and specifies the “legal foundations” on which IPA relies for the processing of information.

    These “legal foundations” are defined in the General Data Protection Regulation (GDPR), which authorizes companies to process Personal Data only in compliance with the legal basis established in the Regulation itself (the complete description of each legal basis is available by clicking here) .

    Please note that, in addition to the recipients set out in the table below, IPA is authorized to disclose Personal Data for the purposes set out in this Policy to service providers, contractors, agents and Group companies carrying out activities on our behalf.

    Estimate / Activation

    Purpose of the treatment

    Establishment of a relationship with the customer, including the necessary checks regarding fraud, money laundering and sanctioning procedures.

    Legal foundations

    • management of the pre-contractual phase, insurance consultancy;
    • execution of the contract stipulated with the interested party (if it is the customer).
    • fulfillment of a legal obligation;
    • legitimate interests of IPA (for the purposes of ascertaining that the customer falls within a risk profile deemed acceptable by IPA and its Principals and to help prevent crimes and fraud)

    For the processing of particular categories of Personal Data (e.g. health data) and criminal record data:

    • consent

    Recipients of the information

    • anti-fraud database

    Verification of creditworthiness in case of taking on a credit risk

    • legitimate interests of IPA (to ascertain that the customer falls within a risk profile acceptable to IPA
    • and its principals and to help prevent crimes and fraud)

    Recipients of the information

    • credit rating agencies

    Evaluation of the risks covered and identification of the appropriate insurance, policy and premium

    • execution of the contract stipulated with the interested party (if it is the customer)
    • IPA’s legitimate interests (to establish the likely risk profile and identify the appropriate Insurer and insurance product)

    For the processing of particular categories of Personal Data (e.g. health data) and criminal record data:

    • consent

    Recipients of the information

    • Insurers / Insurance Companies

    Policy management

    Purpose of the treatment

    General support, including customer communications.

    Legal foundations

    • execution of the contract stipulated with the interested party (if it is the customer)
    • legitimate interests of IPA (to communicate with customers, beneficiaries and claimants to facilitate

    the submission of claims under insurance policies)

    For the processing of particular categories of Personal Data (e.g. health data) and criminal record data:

    • consent

    Collecting or returning premiums, paying claims, and processing and facilitating other payments.

    Legal foundations

    • execution of the contract stipulated with the interested party (if it is the customer)
    • legitimate interests of IPA (collection of its debts)

    Recipients of the information

    • Insurers
    • banks
    • debt collection company

    Processing of compensation claims

    Management of compensation claims.

    Legal foundations

    • execution of the contract stipulated with the interested party (if it is the customer)
    • legitimate interests of IPA (to provide assistance to customers in assessing and submitting compensation claims)

    For the processing of particular categories of Personal Data (e.g. health data) and criminal record data:

    • consent

    Recipients of the information

    • Insurers
    • claims handlers
    • lawyers
    • experts
    • experts
    • third parties involved in the management or who deal with some aspects of the accident, such as healthcare professionals

    Action or defense in legal proceedings.

    • execution of the contract stipulated with the interested party (if it is the customer)
    • legitimate interests of IPA (to provide assistance to customers in assessing and submitting compensation claims)

    For the processing of particular categories of Personal Data (e.g. health data) and criminal record data:

    • promote legal actions and take action or defend oneself in court

    Recipients of the information

    • Insurers
    • claims handlers
    • lawyers
    • experts
    • experts
    • third parties involved in the management or who deal with some aspects of the accident, such as healthcare professionals

    Purpose of the treatment

    Fraud investigation and prosecution.

    Legal foundations

    • execution of the contract stipulated with the interested party (if it is the customer)
    • IPA’s legitimate interests (to help prevent and detect fraud)

    For the processing of particular categories of Personal Data (e.g. health data) and criminal record data:

    • promote legal actions and take action or defend oneself in court
    • consent

    Recipients of the information

    • Insurers
    • lawyers
    • police forces
    • experts
    • other insurers
    • anti-fraud database
    • third parties involved in investigative activities or judicial actions, such as private investigators

    Renewals

    Interactions with the customer to proceed with the renewal of the insurance policy.

    Legal foundations

    • execution of the contract stipulated with the interested party (if it is the customer)
    • legitimate interests of IPA (to communicate with customers in order to facilitate the continuation of insurance coverage)

    Recipients of the information

    • insurers

    Throughout the entire insurance lifecycle

    Marketing analytics and direct marketing, including data anonymization.

    Legal foundations

    • legitimate interests of IPA (to present relevant offers to customers)
    • consent, where there is no pre-existing relationship with the interested party

    Recipients of the information

    • Insurers, including foreign ones
    • Group companies, including foreign ones
    • other Intermediaries

    Corporate book transfers, sales and reorganization of companies

    Legal foundations

    • legitimate interests of IPA (to organize the activity appropriately)

    For the processing of particular categories of Personal Data:

    • consent

    Recipients of the information

    • Group Companies
    • Law courts
    • Buyer (real and potential)

    General risk modeling.

    • IPA’s legitimate interests (to create risk models that allow risk to be allocated to appropriate Insurers)

    For the processing of particular categories of Personal Data (e.g. health data) and criminal record data:

    • consent

    Compliance with our legal or regulatory obligations.

    Legal foundations

    • fulfillment of a legal obligation

    For the processing of particular categories of Personal Data (e.g. health data) and criminal record data:

    • promote legal actions and take action or defend oneself in court
    • consent

    Recipients of the information

    • insurance supervisors, data protection authorities and other regulatory authorities
    • police forces
    • Insurers

    CONSENT

    To facilitate the provision of insurance coverage and manage compensation requests, the activity is based on the necessary and requested consent of the interested party to the processing of particular categories of Personal Data and criminal record data, including health data and criminal records, according to the methods illustrated in the previous table and as regards profiling, in compliance with what is established in the following section. The consent of the interested party authorizes us to share the information with other Insurers, Intermediaries and Reinsurers, including foreign ones, who may need to process such data to carry out their role in the insurance market (which, in turn, allows share the risk and determine the price in a sustainable manner).

    The interested party’s consent to the processing of particular categories of Personal Data and criminal record data is an essential prerequisite for IPA to be able to provide the services requested by the customer.

    If the interested party provides us with information relating to other people, he undertakes to inform them of the use of their Personal Data by IPA and to obtain their consent on our behalf.

    The interested party can revoke his consent to such processing at any time and request the deletion of his data. By doing so, however, IPA may no longer be able to continue providing services to the customer in question. Furthermore, if a data subject withdraws his/her consent to the processing of particulate categories of Personal Data and criminal record data by an Insurer or Reinsurer, continuity of insurance coverage may not be guaranteed.

    PROFILING (AND AUTOMATED DECISION-MAKING PROCEDURES)

    Insurance premiums are calculated by insurance market operators by carrying out a comparative analysis of the characteristics of customers and beneficiaries compared to those of other customers and beneficiaries and evaluating the probability that the insured events will occur. As part of this comparative and statistical analysis, IPA and other Insurance Market Operators must collect and analyze the information received from all insureds, beneficiaries or applicants to model these propensities. Consequently, Personal Data may be used both to compare them with the information contained in the models and to create models that allow setting the prices of premiums in general and for other insured persons. IPA and other Insurance Market Operators may use particular categories of Personal Data and criminal records data (for such modeling activity to the extent necessary for the purpose, as in the case of health data for life insurance or previous convictions for crimes committed while driving case of car insurance).

    IPA and other Insurance Market Operators use these techniques to evaluate the information provided by customers and interested parties in order to understand fraud mechanisms, determine the likelihood of future losses in the event of compensation claims and for the purposes explained below.

    These templates are used exclusively for the purposes specified in this privacy policy. In most cases, our collaborators’ decisions are based on models.

    Automated brokerage platform

    When customers use the automated brokerage platform, quotes are processed exclusively by analyzing what is provided by customers to verify whether or not they correspond to the criteria established by the Insurers; this analysis therefore allows you to determine (to the extent permitted by applicable legislation and with the limit of the automatically generated estimate) (a) whether it is possible to proceed with an estimate, (b) under what conditions (c) at what price. Each insurer uses different algorithms to set their prices and customers should consult each insurer’s privacy policy for more information.

    The platform simply evaluates whether the attributes of potential policyholders meet the insurers’ models and returns the relevant results. If the potential insured’s attributes do not align with insurers’ models, the quote request is passed to an underwriting team for review. Fraud prediction algorithms are also applied to the information we receive from customers in order to identify and prevent any fraudulent behavior. All profiling and related algorithms are subjected to periodic review to identify possible inaccuracies and systematic errors.

    These partially automated processes may result in the customer not being offered insurance coverage or impact the price or terms of the policy.

    Customers can request information on the methodology used for decision making and ask us to verify the correctness of the automated decision. IPA has the right to reject such a request, to the extent permitted by applicable law, even if the transmission of this information would result in the disclosure of a trade secret or would interfere with the prevention and detection of fraud or other crimes; however, in such circumstances we will still verify that the algorithm and source data work as expected and are free from errors or distortions.

    SECURITY MEASURES

    Physical, electronic and procedural security measures are adopted that are appropriate to the sensitivity of the information in our possession. These measures vary depending on the sensitivity, format, location, quantity and manner of distribution and storage of the Personal Data and include measures designed to protect the Personal Data against unauthorized access. Security measures include, where appropriate, encryption of communications via SSL, encryption of stored information, firewalls, access controls, segregation of duties and other similar security protocols. Access to Personal Data is limited to personnel and third parties who need to access it for appropriate and legitimate business purposes and subject to consent.

    LIMITS ON THE COLLECTION AND STORAGE OF PERSONAL DATA

    Personal Data is collected, used, disclosed and processed to the extent necessary to achieve the purposes identified in this privacy policy or within the limits permitted by law. If it is deemed necessary to collect Personal Data for purposes incompatible with those specified in this privacy policy, IPA will communicate the new purpose to customers and will obtain, where necessary, the consent of the interested parties (or to ask other parties to do so on behalf of IPA) to the processing of Personal Data for the new purposes.

    Personal Data is retained for the period of time necessary to satisfy legal requirements, business and contractual needs. Personal Data is retained for the time necessary to achieve the processing purposes for which it was collected and other permitted and related purposes or as required by applicable legislation. When Personal Data is no longer needed, it is either anonymized (with the option to retain and further use the anonymized information) or securely destroyed.

    CROSS-BORDER TRANSFER OF PERSONAL DATA

    IPA transfers Personal Data, for the purposes referred to in the processing, to countries both within and outside the European Economic Area (EEA) or allows access to Personal Data from the aforementioned countries. If the data protection regulations in force in these countries do not guarantee levels of protection of Personal Data similar to that guaranteed within the EEA, IPA undertakes, in any case, to safeguard Personal Data according to the terms established in this privacy information and in the relevant EU Regulation.

    Some countries outside the EEA have been recognized by the European Commission as offering a level of protection substantially equivalent to that provided by current data protection laws in the EEA. EU data protection laws allow IPA to freely transfer Personal Data to such countries.

    In the event of transfer of Personal Data to other countries not belonging to the EEA, the legal conditions justifying such transfer will be provided, such as binding corporate rules, standard contractual clauses, the consent of the interested parties or other reasons permitted by the applicable legislation.

    Data subjects may request further information on the specific security measures applied to the export of their Personal Data by contacting Legal Counsel at the address below.

    ACCURACY, RELIABILITY, TRANSPARENCY AND USER RIGHTS

    We work to ensure that Personal Data is always accurate, complete and up-to-date. Interested parties can contact us at privacy@ipagency.it to update their personal information.

    Any questions about the practices adopted by IPA regarding privacy must first be addressed to the Data Processing Manager of IPA who, as the conditions are not met, has not appointed the DPO (Data Protection Officer).

    In certain circumstances, interested parties have the right to contact IPA to request the following:

    • further details on how we use and process their Personal Data;
    • a copy of their Personal Data stored;
    • the correction of any inaccuracies in the Personal Data held by IPA;
    • the deletion of Personal Data in the event that there is no longer a legal basis justifying the processing;
    • where the processing is based on consent, its revocation;
    • the opposition to the processing of Personal Data motivated by IPA on the legal basis of “legitimate interest”, unless IPA’s reasons prevail over the prejudice caused to the privacy rights of the interested parties; And
    • the limitation of the processing of Personal Data for the time necessary to examine the interested party’s request.

    These rights are subject to some exceptions in order to protect public interests (e.g. the prevention and detection of crimes) and our interested parties (e.g. respect for professional secrecy). IPA is committed to responding to most requests within 30 days, where possible.

    If IPA is unable to provide an adequate response to a request for clarification or a complaint, interested parties have the right to forward a complaint to the Guarantor Authority for the Protection of Personal Data (Public Relations Office, Piazza di Monte Citorio n. 121 – 00186 Rome telephone (+39) 06.69677.2917 e-mail urp@gpdp.it

    QUESTIONS, REQUESTS OR COMPLAINTS

    For any questions or requests relating to this privacy policy, you can contact Legal Counsel by writing to the following address:

    Legal Counsel
    Insurance Placement Agency Srl
    Porta Nuova Corso n. 16 – 20121 Milan
    Email privacy@ipagency.it

    CHANGES TO THIS PRIVACY POLICY

    This privacy policy may be modified at any time. The last change was made on ( October 24, 2023). Whenever changes are made to the privacy policy, IPA will update the date relating to the latest version.

    MAIN INSURANCE TERMS

    • Beneficiary : is the natural or legal person designated in a policy, who can receive payment of the expected compensation, if an insured event occurs. The beneficiary does not necessarily have to coincide with the Insured or the policy holder and it is possible to designate multiple beneficiaries in the same insurance policy.
    • Claimant : can be either a beneficiary making a claim under an insurance policy, or a natural or legal person making a claim against a beneficiary, if the claim in question is covered by the policy insurance.
    • Claims Processing : This is the process of handling a claim filed under an insurance policy.
    • Quotation : This is the process of offering a quote to a potential Insured/Policyholder for an insurance policy.
    • Activation : this is the moment from which the insurance policy becomes effective.
    • Insurance : This is the process of pooling and transferring risk to provide financial protection in the event of a future, unpredictable event. There are many types of insurance. The term insurance can also refer to reinsurance.
    • Insurance Policy : It is an insurance contract between the Insurer and the Insured or the policy holder.
    • Insurance market operator or simply Operator : the term refers to an Intermediary, Insurer or Reinsurer.
    • Insured / policy holder: is the natural or legal person in whose name the insurance policy is issued. A potential Insured/Policyholder can approach an Intermediary to purchase an insurance policy or can contact an Insurer directly or through a rate comparison site.
    • Insurers : They provide insurance coverage to the Insured/Policy holders on payment of a premium. An Insurer can also be a Reinsurer.
    • Intermediaries : help policy holders and insurers arrange insurance coverage. They can offer advice and manage compensation claims. Many insurance and reinsurance policies are stipulated through intermediaries.
    • Policy management : is the process of administering and managing an insurance policy starting from its activation.
    • Premium : is the sum of money that the Insured/Policyholder must pay to the Insurer in relation to the insurance policy stipulated.
    • Reinsurers : Provide insurance coverage to another Insurer or Reinsurer. This type of insurance is called “Reinsurance”.
    • Renewal : is the process through which the Insurer, as part of an insurance policy, provides a quote to the Insured / policy holder for the activation of a new insurance policy upon expiry of the existing one.

    MAIN TERMS RELATING TO DATA PROTECTION

    • GDPR : this acronym indicates the EU General Data Protection Regulation and the national data protection legislation in force in the EU member state in which IPA is based.
    • Data Controller : the term refers to the entity responsible for collecting and storing Personal Data. This entity decides which Personal Data to collect and the purposes of using the Personal Data collected. Any Insurance Market Operator that uses Personal Data for the established purposes may be a data controller.
    • Personal data : this term refers to information that makes the interested party identifiable and which refers or can be traced back to the interested party. This definition may include data relating to compensation claims submitted by the data subject.
    • Processing of Personal Data : This term refers to the collection, use, storage, disclosure or deletion of Personal Data.