HSBEIL

Normal view (turn off text only mode)
You are here:

Our Processing Of Your Personal Information

Our relationship with you and the type of services we provide, whether it be insurance or inspection services to you, will dictate the nature of personal information that we need to collect about you. It will also dictate the uses we make of your personal information, for example we will collect different personal information according to whether you are an insured policyholder or beneficiary under an insurance policy, claimant, a customer to whom we provide inspection services, a user of our website or a job applicant.


When we provide our services, we may need details of any unspent criminal convictions you have for fraud prevention purposes.


Where you provide personal information to us about other individuals (for example, family members who are a named beneficiary under your policy, or where you are a customer to whom we provide inspection services and you provide us with personal information about your employees or your own customers), we will also be data controller of their personal information. You should refer them to this notice before supplying us with their data on their behalf.

Our Relationship With You

The information that we collect and process will depend on our relationship with you. Please click on the sections below that best describes your relationship with us.

HSB Insurance

Prospective policyholders (including sole traders) or beneficiaries

If you apply for an insurance policy with us, or if you are listed as an applicant or a beneficiary under a policy that someone else has with us (for example your employer), this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name
  • Your job title
  • Your job history
  • Your address
  • Your telephone number
  • Your email address
  • Your date of birth
  • Your gender
  • Your bank and payment details
  • Your broker reference number
  • The results of any credit check conducted about you, which may include bankruptcy orders, individual voluntary arrangements or country court judgments
  • Information about an individual's relationship to the policyholder where they are the beneficiary
  • Information that we obtain as part of checking sanctions lists
  • Any information that is relevant to your insurance application such as previous insurance policies you have held and claims you have made. This will also include any information specific to the type of policy you are applying for
  • Information gathered from publicly available sources such as the electoral roll, newspapers and social media sites
  • Any other information passed on from you, your insurance broker or someone else applying on your behalf

What special categories of personal information will we collect?

Details about your criminal convictions and any related information for fraud investigation purposes. This will include information relating to any offences or alleged offences you have committed, or any court sentences which you are subject to.

How will we collect your personal information?

We will collect your personal information:


  • Face to face (directly from you and through third parties, e.g. brokers or loss adjusters)

  • Via proposal forms (submitted directly by you and through third parties, e.g. brokers)

  • From you:
    • By telephone – we record calls to and from our claims, complaints and policy processing teams
    • By email
    • By post
    • Via our website
    • Via the internet


We will collect your personal information from third parties including:


  • From your broker
  • Credit reference agencies, such as Dun & Bradstreet
  • Other insurers


We will also collect your personal information from: 


  • Publicly available sources including internet search engines, Companies House, social media such as LinkedIn and corporate customer websites
  • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
    • Our policy administration systems
    • Our claims systems (which include claims reports and claims payment requests)
    • Our operational risk event records
    • Our electronic content management system (an optical archive of scanned documents)
  • Other third parties involved in the insurance application process (such as our business partners and representatives)
  • Publicly available sources such as the electoral roll, court judgments, insolvency registers, Companies House
  • Other HSB Group companies
  • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions)

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds” when we process your "personal information":


  • We need to use your personal information to enter into or perform the insurance contract that we hold with you. For example, we need to use your personal information to provide you with a quote.
  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and to ensure we are not used to further financial crime.
  • We need to use your personal information for a justifiable purpose (e.g., to keep a record of the decisions we make when different types of applications are made, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests and ensure that your rights to privacy does not outweigh our reason for using the personal information in that way.


When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":

 

  • We need to use your special categories of personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include assessing your insurance application, managing claims and preventing and detecting fraud.
  • We need to use such special categories of personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • You have provided your consent to our use of your special categories of personal information.


Purpose for processing Legal grounds for using your personal information  Legal grounds for using your special categories of personal information
Assessment of policy eligibility It is necessary to enter into or perform your insurance contract.

We have a justifiable purpose (to assess the eligibility of an individual before we provide insurance cover).
It is necessary for the insurance purpose of administering a prospective insurance policy.

 
Determining underwriting premium price It is necessary to enter into or perform your insurance contract.

We have a justifiable purpose (to determine an appropriate premium price).
 
Maintaining accounting records We have a justifiable purpose (to maintain appropriate records).  
Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings).  
To prevent and investigate fraud We have a justifiable purpose (to prevent fraudulent activity).

To comply with our legal and regulatory obligations to detect fraud.
There is a substantial public interest to process criminal convictions data for the insurance purpose of underwriting a potential insurance policy.

It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).
Internal audit requirements We have a justifiable purpose (to carry out internal audits).  
Receiving professional advice (e.g. tax or legal advice) We have a justifiable purpose (to receive professional external  advice such as legal or tax advice).  
To carry out credit checks We have a justifiable purpose (to carry out credit checks).

It is necessary to enter into or perform your insurance contract.
 
Maintaining a record of contact and payment details We have a justifiable purpose (to maintain appropriate records of all payments and to ensure we can contact you).

It is necessary to enter into or perform your insurance contract.
 
Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes).  
For business development  We have a justifiable purpose (to continuously develop our business according to customer needs and market trends).  
To handle complaints We have a justifiable purpose (to respond and handle all complaints).

To comply with our legal and regulatory obligations to handle complaints appropriately.
 
For training, monitoring and quality control We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes).  

Who do we share your personal information with?

We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:


Internal disclosures with HSB teams
Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:


  • Via internal reports
  • Via access to central IT systems


Disclosures to third parties
We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information.


  • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company
  • Fraud detection agencies
  • Any agent or representative acting for you
  • Insurers and reinsurers
  • Other third parties in the insurance distribution chain who we rely on to administer insurance such as brokers, insurers and other intermediaries
  • Actuaries, including Milliman LLP
  • Auditors (including HSB Group internal audit team and KPMG)
  • Solicitors
  • Tax advisors
  • Debt collection agencies
  • Credit referencing agencies, including Dun & Bradstreet
  • IT providers/hosted IT solution providers including:
    •  Our US parent HBS IIC  who host our policy administration system and our sanctions checking system;
    • Our ultimate parent company Munich Re who host our email servers
  • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner's Office
  • The police, HMRC and other crime prevention and detection agencies
  • The Financial Ombudsman Service
  • Selected third parties in connection with any sale, transfer or disposal of our business
  • Any other person where necessary to perform any insurance contract with you, in order to protect ourselves from risk or to ensure regulatory compliance or good governance

Policyholders (including sole traders) or beneficiaries

If you hold an insurance policy with us, or if you are listed as a beneficiary under a policy that someone else has with us, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name
  • Your job title
  • Your job history
  • Your address
  • Your telephone number
  • Your email address
  • Your date of birth
  • Your gender
  • Your bank and payment details
  • Your broker reference number
  • The results of any credit check conducted about you, including bankruptcy orders, individual voluntary arrangements or country court judgments
  • Information about an individual's relationship to the policyholder where they are the beneficiary
  • Information that we obtain as part of checking sanctions lists
  • Any information that is relevant to your insurance policy such as previous insurance policies you have held and claims you have made. This will also include any information specific to the type of policy the individual is applying for
  • Any information relevant to a claim made
  • Information gathered from publically available sources such as the electoral roll, newspapers and social media sites
  • Any other information passed on from you, your insurance broker or someone else applying on your behalf

What special categories of personal information will we collect?

Details about your criminal convictions and any related information for fraud investigation purposes. This will include information relating to any offences or alleged offences you have committed or any court sentences which you are subject to.

How will we collect your personal information?

We will collect your personal information:


  • Face to face (directly from you and through third parties, e.g. brokers or loss adjusters)
  • Via proposal forms and claim forms (submitted directly by you and through third parties, e.g. brokers)
  • From you:
    • By telephone - we record calls to and from our claims, complaints and policy processing teams
    • By email
    • By post
    • Via our website
    • Via the internet


We will collect your personal information from third parties including:


  • From your broker
  • Credit reference agencies, such as Dun & Bradstreet
  • Loss adjusters
  • Insurers
  • From your employer, where you are due to be covered by an insurance policy your employer takes out, or the policyholder


We will also collect your personal information from:

 

  • Publicly available sources including internet search engines, companies house, social media such as LinkedIn and corporate customer websites
  • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
    • Our policy administration systems
    • Our claims systems (which include claims reports and claims payment requests)
    • Our operational risk event records
    • Our electronic content management system (a repository of scanned documents)
  • Other third parties involved in the insurance application process (such as our business partners and representatives)
  • Other third parties involved in claims handling/a claim made such as claims handlers, investigators, witnesses, claimants.
  • Publicly available sources such as the electoral roll, court judgments, insolvency registers
  • Other HSB Group companies
  • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions)

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

 

  • We need to use your personal information to enter into or perform the insurance contract that we hold with you. For example, we need to use your personal information to provide you with a quote, administer your policy and handle any claims you have.

 

  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and to ensure we are not used to further financial crime.
  • We need to use your personal information for a justifiable purpose (e.g. to keep a record of the decisions we make when different types of applications are made, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests and ensure that your rights to privacy does not outweigh our reason for using the personal information in that way.


When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":

 

  • We need to use your special categories of personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include assessing your insurance application, managing claims and preventing and detecting fraud.
  • We need to use such special categories of personal information to establish, exercise or defend legal rights.  This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • You have provided your consent to our use of your special categories of personal information.


Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
Assessment of policy eligibility It is necessary to enter into or perform your insurance contract.

We have a justifiable purpose (to assess the eligibility of an individual before we provide insurance cover).
It is necessary for the insurance purpose of administering a prospective insurance policy.
Determining underwriting premium price It is necessary to enter into or perform your insurance contract.

We have a justifiable purpose (to determine an appropriate  premium price).
 
Administering your insurance policy It is necessary to enter into or perform your insurance contract. It is necessary for the insurance purpose of administering a prospective insurance policy.
Claims investigation/validation and handing claims made under a policy It is necessary to enter into or perform your insurance contract.

We have a justifiable purpose (to investigate and handle all claims).
It is necessary for the insurance purpose of handling claims.

We need to use your information in order to establish, exercise or defend legal rights.
Maintaining accounting records We have a justifiable purpose (to maintain appropriate records).  
Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings).  
To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity).

To comply with our legal and regulatory obligations to detect fraud.
There is a substantial public interest to process criminal convictions data for the insurance purpose of underwriting a potential insurance policy.

It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).
Internal audit requirements We have a justifiable purpose (to carry out internal audits).  
Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external  advice such as legal or tax advice).  
To carry out credit checks We have a justifiable purpose (to carry out credit checks).

It is necessary to enter into or perform your insurance contract.
 
Maintaining a record of contact and payment details We have a justifiable purpose (to maintain appropriate records of all payments and to ensure we can contact you).

It is necessary to enter into or perform your insurance contract.
 
Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes).  
Debt collection and cash processing We have a justifiable purpose (to collect debt and manage cash flows).  
For business development  We have a justifiable purpose (to continuously develop our business according to customer needs and market trends).  
To handle complaints We have a justifiable purpose (to respond and handle all complaints).

To comply with our legal and regulatory obligations to handle complaints appropriately.
 
For training, monitoring and quality control  We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes).  

Who do we share your personal information with?

We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:


Internal disclosures with HSB teams

Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above, including:


  • Via internal reports
  • Via access to central IT systems


Disclosures to third parties
We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information.


  • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company
  • Fraud detection agencies
  • Any agent or representative acting for you
  • Insurers and reinsurers
  • Other third parties in the insurance distribution chain who we rely on to administer insurance such as brokers, insurers and other intermediaries
  • Actuaries, including Milliman LLP
  • Auditors (including HSB Group internal audit team and KPMG)
  • Solicitors
  • Tax advisors
  • Salvage agents
  • Debt collection agencies
  • Credit referencing agencies, including Dun & Bradstreet
  • Loss adjusters (worldwide)
  • IT providers/hosted IT solution providers including:
    • Our US parent company HSB IIC who host our policy administration system and our sanctions checking system;
    • Our ultimate parent company Munich Re who host our email servers
  • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions)
  • Other third parties involved in claims handling such as claims handlers, investigators and medical experts, witnesses, claimants
  • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner's Office
  • The police, HMRC and other crime prevention and detection agencies
  • The Financial Ombudsman Service
  • Selected third parties in connection with any sale, transfer or disposal of our business
  • Any other person where necessary to perform any insurance contract with you, in order to protect ourselves from risk or to ensure regulatory compliance or good governance

Third party claimants

If you make a claim against an individual or organisation who holds an insurance policy with us, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name
  • Your address
  • Your telephone number
  • Your email address
  • Any information relevant to a claim made
  • Information gathered from publically available sources such as the electoral roll, newspapers and social media sites
  • Any other information passed on from someone else such as the insured

What special categories of personal information will we collect?

  • Details about your physical and mental health if relevant (for third party lability claims) which are relevant to your policy.
  • Details about your criminal convictions and any related information for fraud investigation purposes. This will include information relating to any offences or alleged offences you have committed or any court sentences which you are subject to.

How will we collect your personal information?

We will collect your personal information:

 

  • Face to face (directly from you and through third parties e.g. the insured)
  • From you:
    • By telephone - we record calls to and from our claims, complaints and policy processing teams
    • By email
    • By post
    • Via our website
  • Via a claim form (submitted directly by the insured)


We will collect your personal information from third parties including:


  • From your representative
  • Loss adjusters
  • Insurers


We will also collect your personal information from:

 

  • Publicly available sources including internet search engines, companies house, social media such as LinkedIn, corporate customer websites, electoral roll, court judgments, insolvency registers
  • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
    • Our policy administration systems
    • Our claims systems (which include claims reports and claims payment requests)
    • Our operational risk event records
    • Our electronic content management system (a repository of scanned documents)
  • Other third parties involved in the insurance application process (such as our business partners and representatives)
  • Other third parties involved in claims handling/a claim made such as claims handlers investigators, witnesses
  • Other HSB Group companies

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

 

  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and to ensure we are not used to further financial crime.
  • We need to use your personal information for a justifiable purpose (e.g. to keep a record of claims made, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests ensure that your rights to privacy does not outweigh our reason for using the personal information in that way.


When the information that we process is classed as 'special categories of personal information', we must have an additional 'legal ground'. We will rely on the following legal grounds when we process your 'special categories of personal information':

 

  • We need to use your special categories of personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include managing claims and preventing and detecting fraud.
  • We need to use such special categories of personal information to establish, exercise or defend legal rights.  This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • You have provided your consent to our use of your special categories of personal information.


Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
Claims investigation/validation and handing claims made under a policy We have a justifiable purpose (to investigate all claims made). It is necessary for the insurance purpose of handling claims.

We need to use your information in order to establish, exercise or defend legal rights.
Maintaining accounting records We have a justifiable purpose (to maintain appropriate records).  
Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings).  
To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity).

To comply with our legal and regulatory obligations to detect fraud.
There is a substantial public interest to process criminal convictions data for the insurance purpose of handling claims.

It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).
Internal audit requirements We have a justifiable purpose (to carry out internal audits).  
Receiving professional advice (e.g., tax or legal advice) We have a justifiable purpose (to receive professional external  advice such as legal or tax advice).  
Maintaining a record of contact details We have a justifiable purpose (to maintain appropriate records to ensure we can contact you).  
Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes).  
For business development  We have a justifiable purpose (to continuously develop our business according to customer needs and market trends).  
To handle complaints We have a justifiable purpose (to respond to and handle all complaints).

To comply with our legal and regulatory obligations to handle complaints appropriately.
 
For training, monitoring and quality control We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes).  

Who do we share your personal information with?

We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:


Internal disclosures with HSB teams
Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above, including:


  • Via internal reports
  • Via access to central IT systems


Disclosures to third parties
We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information.


  • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company
  • Any agent or representative acting for you
  • Insurers and reinsurers
  • Other third parties in the insurance distribution chain who we rely on to administer insurance such as brokers, insurers and other intermediaries
  • Actuaries including Milliman LLP
  • Auditors (including HSB Group internal audit team and KPMG)
  • Solicitors
  • Tax advisors
  • Salvage agents
  • Debt collection agencies
  • Brokers
  • Loss adjusters (worldwide)
  • IT providers/hosted IT solution providers including:
    • Our US parent company HSB IIC who host our policy administration system;
    • Our ultimate parent company Munich Re who host our email servers
  • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions)
  • Other third parties involved in claims handling such as claims handlers, investigators and medical experts, witnesses, claimants
  • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner's Office
  • The police, HMRC and other crime prevention and detection agencies
  • The Financial Ombudsman Service
  • Selected third parties in connection with any sale, transfer or disposal of our business
  • Any other person where necessary to investigate any claim you make, in order to protect ourselves from risk or to ensure regulatory compliance or good governance.

Witnesses

If you witness an incident which a claim is being made against under an insurance policy we have administered, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name
  • Your job title
  • Your address
  • Your telephone number
  • Your email address
  • Any information relevant to an incident witnessed
  • Information gathered from publicly available sources such as the electoral roll, newspapers and social media sites
  • Any other information passed on from someone else such as the insured

What special categories of personal information will we collect?

Details about your physical and mental health if relevant to the incident you have witnessed.

How will we collect your personal information?

We will collect your personal information:


  • Face to face (directly from you and through third parties, e.g. the insured)
  • From you:
    • By telephone - we record calls to and from our claims, complaints and policy processing teams
    • By email
    • By post
    • Via the internet
  • Via a claim form (submitted directly by the insured)
  • From third parties including from the insured, claimants or other witnesses


We will also collect your personal information from our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:


  • Our policy administration systems
  • Our claims systems (which include claims reports and claims payment requests)
  • Our operational risk event records
  • Our electronic content management system (a repository of scanned documents)

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":


  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and to ensure we are not used to further financial crime.
  • We need to use your personal information for a justifiable purpose (e.g. to keep records of claims, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests to privacy and ensure that your rights to privacy does not outweigh our reason for using the personal information in that way.


When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":

 

  • We need to use your special categories of personal information for purposes relating to an insurance policy or claim, it is not feasible to get your consent and there is a substantial public interest in such use. Such purposes include managing claims and preventing and detecting fraud.
  • We need to use such special categories of personal information to establish, exercise or defend legal rights.  This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • You have provided your consent to our use of your special categories of personal information.


Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
Claims investigation/validation and handing claims made under a policy We have a justifiable purpose (to investigate all claims made). It is necessary for the insurance purpose of handling claims under an insurance policy.

We need to use your information in order to establish, exercise or defend legal rights.
Maintaining accounting records We have a justifiable purpose (to maintain appropriate records).  
Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings).  
To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity).

To comply with our legal and regulatory obligations to detect fraud.
There is a substantial public interest to process criminal convictions data for the insurance purpose of handling claims It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).
Internal audit requirements We have a justifiable purpose (to carry out internal audits).  
Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external  advice such as legal or tax advice).  
Maintaining a record of contact details We have a justifiable purpose (to maintain appropriate records to ensure we can contact you).  
Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes).  
For business development  We have a justifiable purpose (to continuously develop our business according to customer needs and market trends).  
To handle complaints We have a justifiable purpose (to respond and handle all complaints).

To comply with our legal and regulatory obligations to handle complaints appropriately.
 
For training, monitoring and quality control  We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes).  

Who do we share your personal information with?

We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:


Internal disclosures with HSB teams
Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:


  • Via internal reports
  • Via access to central IT systems


Disclosures to third parties
We also disclose your information to the following third parties for the purposes described in above. You can contact us for details of specific disclosures made in respect of your information.


  • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company
  • Insurers and reinsurers
  • Actuaries including Milliman actuarial function
  • Auditors (including HSB Group internal audit team and KPMG)
  • Solicitors
  • Tax advisors
  • Salvage agents
  • Debt collection agencies
  • Brokers
  • Loss adjusters (worldwide)
  • IT providers/hosted IT solution providers including:
    • our US parent company HSB IIC who host our policy administration and sanctions checking system;
    • our ultimate parent company Munich Re who host our email servers
  • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions)
  • Other third parties involved in claims handling such as claims handlers, investigators and medical experts, witnesses, claimants
  • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner's Office
  • The police, HMRC and other crime prevention and detection agencies
  • The Financial Ombudsman Service
  • Selected third parties in connection with any sale, transfer or disposal of our business
  • Any other person where necessary to investigate the incident you witnessed, in order to protect ourselves from risk or to ensure regulatory compliance or good governance


HSB Inspections

Sole trader customers and private clients

If you are a sole trader customer or an individual client that receives inspection services from us (such as statutory inspections of equipment for health and safety purposes), this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name
  • Your job title
  • Your job history
  • Your home or business address
  • Your telephone numbers
  • Your email address
  • Information which we obtain as part of checking sanctions lists
  • Information gathered from publicly available sources such as internet search engines, customer websites
  • Any other information about your business or location, such as the equipment you wish us to inspect or we have inspected

What special categories of personal information will we collect?

  • Details about your criminal convictions and any related information. This will include information relating to any offences or alleged offences you have committed or any court sentences:

(i)             as they relate to fraud

(ii)            as part of an investigation into any relevant health and safety breach or an incident under the 'Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR)'

How will we collect your information?

We will collect your personal information directly from you:

 

  • Face to face
  • From you:
    • By telephone – we record calls to and from our complaints and contract administration and processing teams
    • By email
    • By post
    • Via our website


We will also collect your personal information from:

 

  • Your agent or representative
  • Publicly available sources including internet search engines, companies house, credit reference agencies, social media such as LinkedIn and corporate customer websites
  • Third parties such as brokers or insurer partners
  • Information which we obtain as part of checking sanctions lists.
  • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
    • Our contract administration systems
    • Our inspection reports online portal
    • Our inspection appointment scheduling system
    • Our operational risk event records
    • Our electronic content management system (a repository of scanned documents)

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

 

  • We need to use your personal information to enter into or perform the inspection services contract that we hold with you. For example, we need to use your personal information to contact you to arrange an inspection of your workplace.
  • We have a legal or regulatory obligation to use such personal information. For example, the health and safety regulators require us to hold certain records of our dealings with you and to report certain defects discovered as a result of an inspection.
  • We need to use your personal information for a justifiable purpose (e.g. to keep a record of all inspections we carry out, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests and ensure your right to privacy does not outweigh our reason for using the personal information in that way.
  • We need to use your personal information to protect the vital interests of individuals such as employees or members of the public, for example to report a machinery fault that poses a risk to life.


When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":

 

  • We need to use such special categories of personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.


Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
Arranging and executing inspections and reporting back to the client It is necessary to enter into or perform  your inspection services contract.

We have a justifiable purpose (to report back to you on our findings).

To perform a task in the public interest which is laid down by law, for example the Health & Safety at Work Act.
 
To report back on defects found during examination of equipment which pose a danger and threaten the well-being of the public We have a justifiable purpose (to report back to you on any defects).

It is necessary to enter into or perform  your inspection services contract.

To comply with our legal and regulatory obligations.

It is necessary to protect the vital interests of your employees or other members of the public.

To perform a task in the public interest which is laid down by law, for example the Health & Safety at Work Act.
 
To investigate health and safety breach or RIDDOR incident We have a justifiable purpose (to investigate health and safety breaches as part of our inspection services offering).

To comply with our legal and regulatory obligations.

To perform a task in the public interest which is laid down by law, for example the Health & Safety at Work Act.
 
Investigating/validation of facts in the event of a risk event/incident We have a justifiable purpose (to investigate any facts where there is a risk posed).

It is necessary to enter into or perform  your inspection services contract.
 
Maintaining accounting records We have a justifiable purpose (to maintain appropriate records).  
Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings).  
To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity).

To comply with our legal and regulatory obligations to detect fraud.
It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).

We have your explicit consent.
Internal audit requirements We have a justifiable purpose (to carry out internal audits).  
Receiving professional advice (e.g. tax or legal advice) We have a justifiable purpose (to receive professional external  advice such as legal or tax advice).  
To carry out credit checks  We have a justifiable purpose (to carry out credit checks).

It is necessary to enter into or perform  your inspection services contract.
 
Maintaining a record of contact and payment details We have a justifiable purpose (to maintain appropriate records of all payments and to ensure we can contact you).

It is necessary to enter into or perform  your inspection services contract.
 
Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes).  
Debt collection and cash processing We have a justifiable purpose (to collect debt and manage cash flows).  
For business development We have a justifiable purpose (to continuously develop our business according to customer needs and market trends).  
To handle complaints We have a justifiable purpose (to respond and handle all complaints).  
Maintaining contact details to provide you with  system information We have a justifiable purpose (to provide you with email updates about our inspection report online portal).  
For training, monitoring and quality control  We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes).  

Who do we share your personal information with?

We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:


Internal disclosures with HSB teams
Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above, including:


  • Via internal reports
  • Via access to central IT systems


Disclosures to third parties
We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information.


  • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company
  • Any agent or representative acting for you
  • Insurers and reinsurers
  • Actuaries including Milliman LLP
  • Auditors (including HSB Group internal audit team and KPMG)
  • Solicitors
  • Tax advisors
  • Debt collection agencies
  • Credit referencing agencies, including Dun & Bradstreet
  • IT providers/hosted IT solution providers including:
    • our US parent company HSB who host our policy administration and sanction checking systems;
    • our ultimate parent company Munich Re who host our email servers  
  • Financial crime detection agencies and government databases (such as for fraud prevention and checking against international sanctions)
  • Regulators and accreditation bodies, including the Information Commissioner's Office
  • The police, HMRC, the Health and Safety Executive and other crime prevention, detection and enforcement agencies
  • Selected third parties in connection with any sale, transfer or disposal of our business

Employees of customers to which we provide inspection services

If you are an employee of a customer that we provide inspection services to, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name
  • Your job title
  • Your address
  • Your telephone numbers
  • Your email address

What special categories of personal information will we collect?

  • Details of your physical or mental health (if relevant to any investigation into a health and safety breach or an incident under the 'Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013' (RIDDOR).
  • Criminal records that relate to you (including offences and alleged offences and any court sentence or criminal conviction) if relevant to any investigation into a health and safety breach or an incident under the 'Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013' (RIDDOR).

How will we collect your information?

We will collect your personal information from you:

 

  • Face to face (when we visit you on site)
  • From you:
    • By telephone – we record calls to and from our complaints and contract administration and processing teams
    • By email
    • By post
    • Via our website

 

We will collect your personal information from your employer, where they provide your details for us to speak to or contact when we are conducting inspections or where your information is provided in documentation that your employer provides us with.

 

We will also collect your personal information from:

 

  • Publicly available sources including internet search engines, Companies House, social media such as LinkedIn and corporate customer websites
  • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
    • Our contract administration systems
    • Our inspection reports online portal
    • Our inspection appointment scheduling system
    • Our operational risk event records
    • Our electronic content management system (a repository of scanned documents)

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":


  • We have a legal or regulatory obligation to use such personal information. For example, the health and safety regulators require us to hold certain records of our dealings with you and to report certain defects discovered as a result of an inspection.
  • We need to use your personal information for a justifiable purpose (e.g. to keep a record of all employees we interact with when we carry out inspections, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests.
  • We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life.
  • When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":
  • We need to use such special categories of personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life.


Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
Arranging and executing inspections and reporting back to the client We have a justifiable purpose (to report back to on our findings).

To perform a task in the public interest which is laid down by law, for example the Health & Safety at Work Act.
 
To report back on defects found during examination of equipment which pose a danger and threaten the well-being of the public and any employees We have a justifiable purpose (to report back to your employer on any defects).

It is necessary to protect your vital interests as an employee.

To perform a task in the public interest which is laid down by law, for example the Health & Safety at Work Act.
 
To investigate health and
safety breach or RIDDOR incident
We have a justifiable purpose (to investigate health and safety breaches as part of our inspection services offering).

It is necessary to protect your vital interests as an employee.

To comply with our legal and regulatory obligations.

To perform a task in the public interest which is laid down by law, for example the Health & Safety at Work Act.
We need to use your personal information to protect the vital interests of individuals such as employees or members of the public, for example to report a machinery fault that poses a risk to life.

We need to use your information in order to establish, exercise or defend legal rights.
Investigating/validation of facts in the event of a risk event/incident We have a justifiable purpose (to investigate any facts where there is a risk posed). We need to use your personal information to protect the vital interests of individuals such as employees or members of the public, for example to report a machinery fault that poses a risk to life.

We need to use your information in order to establish, exercise or defend legal rights.

We have your explicit consent.
Maintaining accounting records We have a justifiable purpose (to maintain appropriate records).  
Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings).  
Internal audit requirements We have a justifiable purpose (to carry out internal audits).  
Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external  advice such as legal or tax advice).  
Maintaining a record of contact details We have a justifiable purpose (to maintain appropriate records of all individuals we interact with).

It is necessary to enter into or perform  your inspection services contract.
 
Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes).  
To handle complaints We have a justifiable purpose (to respond and handle all complaints).

To comply with our legal and regulatory obligations to handle complaints appropriately.
 
Maintaining contact details to provide you with  system information We have a justifiable purpose (to provide you with email updates about our inspection report online portal).  
For training, monitoring and quality control We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes).  

Who do we share your personal information with?

We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:



Internal disclosures with HSB teams
Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:


  • Via internal reports
  • Via access to central IT systems


Disclosures to third parties
We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information.



  • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company
  • Your employer
  • Your employer’s agent or representative
  • Insurers and reinsurers
  • Actuaries, including Milliman LLP
  • Auditors (including HSB Group internal audit team and KPMG)
  • Solicitors
  • Tax advisors
  • Debt collection agencies
  • IT providers/hosted IT solution providers including:
    • our US parent company HSB who host our policy and contract administration system;
    • our ultimate parent company Munich Re who host our email servers
  • Financial crime detection agencies and government databases (such as for fraud prevention and checking against international sanctions)
  • Regulators and accreditation bodies, including the Information Commissioner's Office
  • The police, HMRC, the Health and Safety Executive and other crime prevention, detection and enforcement agencies
  • Selected third parties in connection with any sale, transfer or disposal of our business

Customers of clients who have engaged us to inspect property at your location

If you are a customer or, for example, a council tenant, of an organisation who has engaged HSB Inspections to inspect property at your location (for example, a stair lift), this section will be relevant to you and sets out our uses of your personal information. 

What personal information will we collect?

  • Your name
  • Your address
  • Your telephone numbers
  • Details of the equipment to be inspected in your home or premises (for example, a stair lift)

What special categories of personal information will we collect?

Details of your physical or mental health (if relevant to any investigation into a health and safety breach or an incident under the 'Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013' (RIDDOR)

How will we collect your information?

We will collect your personal information from you:

 

  • Face to face (when we visit your location)
  • From you:
    • by telephone - we record calls to and from our complaints and contract administration and processing teams
  • We will collect your personal information from our client, where they provide your details for us to speak to or contact you to arrange an inspection or where your information is provided in documentation that they have provided us with.


We will also collect your personal information from:

 

  • Brokers or insurers
  • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
    • Our contract administration systems
    • Our inspection reports online portal
    • Our inspection appointment scheduling system
    • Our operational risk event records
    • Our electronic content management system (a repository of scanned documents)

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

 

  • We have a legal or regulatory obligation to use such personal information. For example, the regulators require us to hold certain records of our dealings with you and to report certain defects discovered as a result of an inspection.
  • We need to use your personal information for a justifiable purpose (e.g. to keep a record of all individuals we interact with when we carry out inspections, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests. 
  • We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life.
  • We are performing a task in the public interest which is laid down by law, for example performing a statutory inspection of lifting equipment.

 

When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":

 

  • We need to use such special categories of personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against our customer.
  • We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life.
  • You have provided your consent to our use of your special categories of personal information. In some circumstances, we may need your consent to process special categories of personal information (e.g. health information). Without it, we may be unable to offer you our inspection services. We will always explain why your consent is necessary.


Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
Arranging and executing inspections and reporting back to the client We have a justifiable purpose (to report back to on our findings).

To perform a task in the public interest which is laid down by law, for example the Health and Safety at Work Act.

To perform a task for insurance purposes.
 
To report back on defects found during examination of equipment which pose a danger and threaten the well-being of the public and any employees We have a justifiable purpose (to report back to our customer on any defects).

It is necessary to protect your vital interests.

To perform a task in the public interest which is laid down by law, for example the Health and Safety at Work Act.
 
To investigate health and safety breach or RIDDOR incident We have a justifiable purpose (to investigate health and safety breaches as part of our inspection services offering).

It is necessary to protect your vital interests To comply with our legal and regulatory obligations.

To perform a task in the public interest which is laid down by law, for example the Health and Safety at Work Act.
We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life.

We need to use your information in order to establish, exercise or defend legal rights.

We have your explicit consent.
Investigating/validation of facts in the event of a risk event/incident We have a justifiable purpose (to investigate any facts where there is a risk posed). We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life.

We need to use your information in order to establish, exercise or defend legal rights.

We have your explicit consent.
Maintaining accounting records We have a justifiable purpose (to maintain appropriate records).  
Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings).  
Internal audit requirements We have a justifiable purpose (to carry out internal audits).  
Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external  advice such as legal or tax advice)  
Maintaining a record of contact details We have a justifiable purpose (to maintain appropriate records of all individuals we interact with).

It is necessary to enter into or perform  your inspection services contract.
 
Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes).  
To handle complaints We have a justifiable purpose (to respond and handle all complaints).

To comply with our legal and regulatory obligations to handle complaints appropriately.
 
For training, monitoring and quality control  We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes).  

Who do we share your personal information with?

We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:


Internal disclosures with HSB teams
Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above, including:


  • Via internal reports
  • Via access to central IT systems


Disclosures to third parties
We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information.


  • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company
  • Our customer (the organisation who has engaged us to inspect the equipment in your residence or on your premises)
  • Insurers and reinsurers
  • Auditors (including HSB IIC internal audit team and KPMG)
  • Solicitors,
  • IT providers/hosted IT solution providers. including:
    • our US parent company HSB who host our policy and contract administration system,
    • our ultimate parent company Munich Re who host our email servers;
  • Regulators and accreditation bodies, including the Information Commissioner's Office
  • The police, HMRC, the Health and Safety Executive and other crime prevention and detection agencies
  • Selected third parties in connection with any sale, transfer or disposal of our business


Other

Brokers and other third parties

If you are a broker or other third party with whom HSB Insurance and/or HSB Inspections have an actual or potential business relationship, this section will be relevant to you and sets out our uses of your personal data.

What personal information will we collect?

  • Your name
  • Your job title
  • Your job history
  • Your address
  • Your telephone number
  • Your email address
  • Your commercial interests, such as involvement in industry initiatives
  • Your personal interests, for example your hobbies
  • Information gathered from publicly available sources such as corporate company websites, credit reference agencies, public registers and social media sites, such as LinkedIn.
  • CCTV images (if you visit our Manchester or London offices)
  • Any other information passed on from someone else such as a mutual business contact

What special categories of personal information will we collect?

None.

How will we collect your personal information?

We will collect your personal information:

 

  • Face to face (directly from you and through third parties e.g. business contacts)
  • From CCTV (if you visit our Manchester or London offices)
  • From you:
    • By telephone – we record calls to and from our claims, complaints and policy and inspection contract processing teams
    • By email
    • Via our website and extranet portals
    • Via the internet
    • Via an application form
    • From events you have attended
  • We will also collect your personal information from our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
    • Our policy and inspection contract administration systems
    • Our claims systems (which include claims reports and claims payment requests)
    • Our operational risk event records
    • Our electronic content management system (a repository of scanned documents)
    • Our customer relationship management system

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

 

  • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and to ensure we are not used to further financial crime.
  • We need to use your personal information for a justifiable purpose (e.g. to keep business records, to carry out strategic business analysis, to develop and improve our products and services, to develop our business relationship with you). When using your personal information for these purposes, we will always consider your rights and interests to privacy and ensure that your rights to privacy does not outweigh our reason for using the personal information in that way.
  • We need to use your personal information for the performance of a contract with you or your employer, for example contacting you regarding payment of commission under a Terms of Business Agreement.


Purpose for processing Legal grounds for using your personal information
Maintaining accounting records We have a justifiable purpose (to maintain appropriate records).

To fulfil our contractual obligations to you (to make payments due to you).

To comply with our legal or regulatory obligation to maintain appropriate records.
Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings).
To carry out credit checks We have a justifiable purpose (to carry out credit checks).
To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity)To comply with our legal and regulatory obligations to detect fraud.
Internal audit requirements We have a justifiable purpose (to carry out internal audits).
Receiving professional advice (e.g. tax or legal advice) We have a justifiable purpose (to receive professional external  advice such as legal or tax advice).
Maintaining a record of contact details We have a justifiable purpose (to maintain appropriate records to ensure we can contact you).

To comply with our legal or regulatory obligation to maintain appropriate records.
Maintaining data to perform direct marketing activities We have a justifiable purpose (to contact you regarding events, products, services, news and other topics we believe will be of interest to you or your clients).
For business development We have a justifiable purpose (to continuously develop our business according to customer needs and market trends).
To handle complaints We have a justifiable purpose (to respond and handle all complaints).

To comply with our legal and regulatory obligations to handle complaints appropriately.
For training, monitoring and quality control  We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes).
Maintaining data about your business and personal interests We have a justifiable purpose (to help us build our business relationship with you and identify events which you may be interested in attending).

Who do we share your personal information with?

We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:


Internal disclosures with HSB teams
Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:


  • Via internal reports
  • Via access to central IT systems


Disclosures to third parties
We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information.


  • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company
  • Our mutual clients when arranging inspections
  • Insurers and reinsurers
  • Actuaries, including Milliman LLP
  • Auditors (including HSB Group internal audit team and KPMG)
  • Solicitors
  • Tax advisors
  • Salvage agents
  • Debt collection agencies
  • Loss adjusters (worldwide)
  • IT providers/hosted IT solution providers including:
    • Our US parent company HSB IIC who host our policy and contract administration systems;
    • Our ultimate parent company LMP who host our email servers
  • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions)
  • Organisations who provide us with direct marketing administration services
  • Other third parties involved in claims handling such as claims handlers, investigators and medical experts, witnesses, claimants
  • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner's Office
  • The police, HMRC and other crime prevention and detection agencies
  • The Financial Ombudsman Service
  • Selected third parties in connection with any sale, transfer or disposal of our business
  • Any other person where necessary to manage the business relationship we have with you, in order to protect ourselves from risk or to ensure regulatory compliance or good governance.


Users of the HSB websites and extranet portals

If you are a user of the HSB website, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Information submitted via the website such as your name, contact details and company name and IP address.
  • Information obtained through our use of cookies. You can find more information about this in our Cookie Statement here.

What special categories of personal information will we collect?

None.

How will we collect your personal information?

We will collect your information directly from our website.

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal ground”, when we process your "personal information":


  • We need to use your personal information for a justifiable purpose (e.g. to monitor the number of visitors to our website, to keep business records and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests.
  • We need to use your personal information to enter into or perform an inspection services contract with you. For example, we need to use your personal information to provide you with a quote.



Purpose for processing Legal grounds for using your personal information
To follow up on enquiries you
make.
We have a justifiable purpose (to respond to your queries).
To monitor website visits, pages visited and downloads/streaming of content We have a justifiable purpose (to monitor the number of visitors to our website and to develop and improve information about our products and services).
Determining inspection services contract fee It is necessary to enter into or perform an inspection services contract.

We have a justifiable purpose (to determine an appropriate inspection services contract fee).

Who do we share your personal information with?

We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:


Internal disclosures with HSB teams
Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspections businesses for the purposes described above including:


  • Via internal reports.
  • Via access to central IT systems.


Disclosures to third parties
We also disclose your information to the following third parties for the purpose described above. You can contact us for details of specific disclosures made in respect of your information.


  • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US).
  • Munich Re, our ultimate parent company who host our website.

Job applicants

If you have applied for a job at HSB Insurance or HSB Inspections, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Name
  • Address
  • Job title
  • Telephone numbers
  • Email address
  • Employment history
  • Educational history
  • Qualifications
  • Your hobbies and interests
  • The results of any credit check conducted about you
  • Information about your entitlement to work in the UK
  • The results of any references sought from your current or previous employers, or personal referees
  • CCTV images (if you visit our Manchester or London offices)

What special categories of personal information will we collect?

  • Whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process
  • The results of any criminal records checks about you

How will we collect your personal information?

We will collect your personal information:


  • From you:
    • Face to face during interviews or other forms of assessment
    • By telephone or video conference
    • By email
    • Via our website and/or online application portal
  • From your CV or application form
  • From your passport or other identity documents
  • From qualification certificates
  • From CCTV (if you visit our Manchester or London offices)


We will collect your personal data from third parties including:


  • From your recruitment consultant
  • From your current or previous employers when seeking references
  • From Credit Safe, when undertaking credit checks
  • From Care Check (in England and Wales) or Disclosure Scotland (in Scotland) when undertaking criminal record checks


We will not undertake such checks or request references unless your application for employment is successful and we make you an offer of employment.

What will we use your personal information for?

We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal ground”, when we process your "personal information":

 

  • We need to use your personal information for a justifiable purpose (e.g. to manage the recruitment process, confirm a candidate’s suitability for employment and decide whom to offer a job). When using your personal information for these purposes, we will always consider your rights and interests.
  • We need to use your personal information to take steps at your request prior to entering into a contract with you. We may also need to process your data to enter into a contract with you.
  • We need to use your personal information to ensure that we are complying with our legal obligations. For example, it is mandatory to check a successful applicant's eligibility to work in the UK before employment starts.


When the information that we process is classed as “special categories of personal information” we must have an additional “legal ground”. We will rely on the following legal grounds when we process your “special categories of personal information”.

 

  • We need to use your personal information about whether or not you are disabled to make reasonable adjustments for candidates who have a disability. We process such information to carry out our obligations and exercise specific rights in relation to employment.
  • If you are applying for a position as a HSB Inspections Engineer Surveyor, we process criminal offence data by undertaking criminal records checks to satisfy the requirement for Engineer Surveyors carrying out statutory inspections of certain premises to have such checks.
  • If you are applying for certain positions at HSB Insurance, we are obliged to conduct criminal record checks as part of our legal and regulatory obligations as an insurer.
  • We also carry out criminal records checks to determine your suitability for employment. We process such information to carry out our obligations and exercise specific rights in relation to employment.


Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
To assess your suitability for employment We have a justifiable purpose (to confirm your suitability for employment and decide to whom to offer a job). To carry out our obligations and exercise specific rights in relation to employment.

For safeguarding purposes.

To comply with a regulatory obligation in the substantial public interest.
To maintain contact details to manage the recruitment process We have a justifiable purpose (to keep records and contact you to arrange interviews and other assessments).  
To assess your eligibility to work in the UK Complying with our legal and regulatory obligations.  

Who do we share your personal information with?

We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:


Internal disclosures with HSB teams
Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes of the recruitment exercise. This includes:


  • Members of the HR team
  • Interviewers involved in the recruitment process, including HSB Group employees
  • Managers in the business area with a vacancy
  • IT staff if access to the data is necessary for the performance of their roles


Disclosures to third parties
We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with the following: 


  • Former employers to obtain references for you
  • Employment background check providers to obtain necessary background checks

Main Navigation
Service Men
Accessibility

© Copyright 2017 HSB Engineering Insurance Limited. All Rights Reserved.

Note


This publication is available exclusively to Munich Re clients. Please contact your Client Manager.