Our Processing Of Your Personal Information

    alt txt

    properties.trackTitle

    properties.trackSubtitle

    Our relationship with you and the type of services we provide, whether it be insurance or inspection services to you, will dictate the nature of personal information that we need to collect about you. It will also dictate the uses we make of your personal information, for example we will collect different personal information according to whether you are an insured policyholder or beneficiary under an insurance policy, claimant, a customer to whom we provide inspection services, a user of our website or a job applicant.

    When we provide our services, we may need details of any unspent criminal convictions you have for fraud prevention purposes.

    Where you provide personal information to us about other individuals (for example, family members who are a named beneficiary under your policy, or where you are a customer to whom we provide inspection services and you provide us with personal information about your employees or your own customers), we will also be data controller of their personal information. You should refer them to this notice before supplying us with their data on their behalf.

    Our Relationship With You

    The information that we collect and process will depend on our relationship with you. Please click on the section below that best describes your relationship with us.

    HSB Insurance

    If you apply for an insurance policy with us, or if you are listed as an applicant or a beneficiary under a policy that someone else has with us (for example your employer), this section will be relevant to you and sets out our uses of your personal information.

    What personal information will we collect?

    • Your name
    • Your job title
    • Your job history
    • Your address
    • Your telephone number
    • Your email address
    • Your date of birth
    • Your gender
    • Your bank and payment details
    • Your broker reference number
    • The results of any credit check conducted about you, which may include bankruptcy orders, individual voluntary arrangements or country court judgments
    • Information about an individual's relationship to the policyholder where they are the beneficiary
    • Information that we obtain as part of checking sanctions lists
    • Any information that is relevant to your insurance application such as previous insurance policies you have held and claims you have made. This will also include any information specific to the type of policy you are applying for
    • Information gathered from publicly available sources such as the electoral roll, newspapers and social media sites
    • Any other information passed on from you, your insurance broker or someone else applying on your behalf

    What special categories of personal information will we collect?

    Details about your criminal convictions and any related information for fraud investigation purposes. This will include information relating to any offences or alleged offences you have committed, or any court sentences which you are subject to.

    How will we collect your personal information?

    We will collect your personal information:

    • Face to face (directly from you and through third parties, e.g. brokers or loss adjusters)

    • Via proposal forms (submitted directly by you and through third parties, e.g. brokers)

    • From you:
      • By telephone – we record calls to and from our Manchester office
      • By email
      • By post
      • Via our website
      • Via the internet

    We will collect your personal information from third parties including:

    • From your broker
    • Credit reference agencies, such as Dun & Bradstreet
    • Other insurers

    We will also collect your personal information from:

    • Publicly available sources including internet search engines, Companies House, social media such as LinkedIn and corporate customer websites
    • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
      • Our policy administration systems
      • Our claims systems (which include claims reports and claims payment requests)
      • Our operational risk event records
      • Our electronic content management system (an optical archive of scanned documents)
    • Other third parties involved in the insurance application process (such as our business partners and representatives)
    • Publicly available sources such as the electoral roll, court judgments, insolvency registers, Companies House
    • Other HSB Group companies
    • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions)

    What will we use your personal information for?

    We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds” when we process your "personal information":

    • We need to use your personal information to enter into or perform the insurance contract that we hold with you. For example, we need to use your personal information to provide you with a quote.
    • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and to ensure we are not used to further financial crime.
    • We need to use your personal information for a justifiable purpose (e.g., to keep a record of the decisions we make when different types of applications are made, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests and ensure that your rights to privacy does not outweigh our reason for using the personal information in that way.

    When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":

    • We need to use your special categories of personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include assessing your insurance application, managing claims and preventing and detecting fraud.
    • We need to use such special categories of personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
    • You have provided your consent to our use of your special categories of personal information.

    Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
    Assessment of policy eligibility It is necessary to enter into or perform your insurance contract. It is necessary for the insurance purpose of administering a prospective insurance policy.
    We have a justifiable purpose (to assess the eligibility of an individual before we provide insurance cover). We have your consent.
    Determining underwriting premium price It is necessary to enter into or perform your insurance contract.
    We have a justifiable purpose (to determine an appropriate  premium price).
    Administering your insurance policy It is necessary to enter into or perform your insurance contract. It is necessary for the insurance purpose of administering a prospective insurance policy.
    We have your consent.
    Claims investigation/validation and handing claims made under a policy It is necessary to enter into or perform your insurance contract. It is necessary for the insurance purpose of handling claims.
    We have a justifiable purpose (to investigate and handle all claims). We need to use your information in order to establish, exercise or defend legal rights.
    We have your consent.
    Maintaining accounting records We have a justifiable purpose (to maintain appropriate records).
    Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings).
    To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity). There is a substantial public interest to process criminal convictions data for the insurance purpose of underwriting a potential insurance policy.
    To comply with our legal and regulatory obligations to detect fraud. It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).
    We have your consent.
    Internal audit requirements We have a justifiable purpose (to carry out internal audits).
    Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external  advice such as legal or tax advice).
    To carry out credit checks We have a justifiable purpose (to carry out credit checks).
    It is necessary to enter into or perform your insurance contract.
    Maintaining a record of contact and payment details We have a justifiable purpose (to maintain appropriate records of all payments and to ensure we can contact you).
    It is necessary to enter into or perform your insurance contract.
    Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes).
    Debt collection and cash processing We have a justifiable purpose (to collect debt and manage cash flows).
    For business development  We have a justifiable purpose (to continuously develop our business according to customer needs and market trends).
    To handle complaints We have a justifiable purpose (to respond and handle all complaints).
    To comply with our legal and regulatory obligations to handle complaints appropriately.
    For training, monitoring and quality control  We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes).


    Who do we share your personal information with?

    We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:

    Internal disclosures with HSB teams

    Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:

    • Via internal reports
    • Via access to central IT systems
    Disclosures to third parties

    We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information.

    • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company
    • Fraud detection agencies
    • Any agent or representative acting for you
    • Insurers and reinsurers
    • Other third parties in the insurance distribution chain who we rely on to administer insurance such as brokers, insurers and other intermediaries
    • Actuaries, including Milliman LLP
    • Auditors (including HSB Group internal audit team and KPMG)
    • Solicitors
    • Tax advisors
    • Debt collection agencies
    • Credit referencing agencies, including Dun & Bradstreet
    • IT providers/hosted IT solution providers including:
      •  Our US parent HBS IIC  who host our policy administration system and our sanctions checking system;
      • Our ultimate parent company Munich Re who host our email servers
    • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner's Office
    • The police, HMRC and other crime prevention and detection agencies
    • The Financial Ombudsman Service
    • Selected third parties in connection with any sale, transfer or disposal of our business
    • Any other person where necessary to perform any insurance contract with you, in order to protect ourselves from risk or to ensure regulatory compliance or good governance

    If you hold an insurance policy with us, or if you are listed as a beneficiary under a policy that someone else has with us, this section will be relevant to you and sets out our uses of your personal information.

    What personal information will we collect?

    • Your name
    • Your job title
    • Your job history
    • Your address
    • Your telephone number
    • Your email address
    • Your date of birth
    • Your gender
    • Your bank and payment details
    • Your broker reference number
    • The results of any credit check conducted about you, including bankruptcy orders, individual voluntary arrangements or country court judgments
    • Information about an individual's relationship to the policyholder where they are the beneficiary
    • Information that we obtain as part of checking sanctions lists
    • Any information that is relevant to your insurance policy such as previous insurance policies you have held and claims you have made. This will also include any information specific to the type of policy the individual is applying for
    • Any information relevant to a claim made
    • Information gathered from publically available sources such as the electoral roll, newspapers and social media sites
    • Any other information passed on from you, your insurance broker or someone else applying on your behalf

    What special categories of personal information will we collect?

    Details about your criminal convictions and any related information for fraud investigation purposes. This will include information relating to any offences or alleged offences you have committed or any court sentences which you are subject to.

    How will we collect your personal information?

    We will collect your personal information:

    • Face to face (directly from you and through third parties, e.g. brokers or loss adjusters)
    • Via proposal forms and claim forms (submitted directly by you and through third parties, e.g. brokers)
    • From you:
      • By telephone - we record calls to and from our Manchester office
      • By email
      • By post
      • Via our website
      • Via the internet

    We will collect your personal information from third parties including:

    • From your broker
    • Credit reference agencies, such as Dun & Bradstreet
    • Loss adjusters
    • Insurers
    • From your employer, where you are due to be covered by an insurance policy your employer takes out, or the policyholder

    We will also collect your personal information from:

    • Publicly available sources including internet search engines, companies house, social media such as LinkedIn and corporate customer websites
    • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
      • Our policy administration systems
      • Our claims systems (which include claims reports and claims payment requests)
      • Our operational risk event records
      • Our electronic content management system (a repository of scanned documents)
    • Other third parties involved in the insurance application process (such as our business partners and representatives)
    • Other third parties involved in claims handling/a claim made such as claims handlers, investigators, witnesses, claimants.
    • Publicly available sources such as the electoral roll, court judgments, insolvency registers
    • Other HSB Group companies
    • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions)

    What will we use your personal information for?

    We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

    • We need to use your personal information to enter into or perform the insurance contract that we hold with you. For example, we need to use your personal information to provide you with a quote, administer your policy and handle any claims you have.
    • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and to ensure we are not used to further financial crime.
    • We need to use your personal information for a justifiable purpose (e.g. to keep a record of the decisions we make when different types of applications are made, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests and ensure that your rights to privacy does not outweigh our reason for using the personal information in that way.

    When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":

    • We need to use your special categories of personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include assessing your insurance application, managing claims and preventing and detecting fraud.
    • We need to use such special categories of personal information to establish, exercise or defend legal rights.  This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
    • You have provided your consent to our use of your special categories of personal information.

    Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
    Assessment of policy eligibility It is necessary to enter into or perform your insurance contract It is necessary for the insurance purpose of administering a prospective insurance policy
    We have a justifiable purpose (to assess the eligibility of an individual before we provide insurance cover) We have your consent
    Determining underwriting premium price It is necessary to enter into or perform your insurance contract
    We have a justifiable purpose (to determine an appropriate premium price)
    Administering your insurance policy It is necessary to enter into or perform your insurance contract It is necessary for the insurance purpose of administering a prospective insurance policy
    We have your consent
    Claims investigation/validation and handing claims made under a policy It is necessary to enter into or perform your insurance contract It is necessary for the insurance purpose of handling claims
    We have a justifiable purpose (to investigate and handle all claims) We need to use your information in order to establish, exercise or defend legal rights.
    We have your consent
    Maintaining accounting records We have a justifiable purpose (to maintain appropriate records)
    Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings)
    To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity) There is a substantial public interest to process criminal convictions data for the insurance purpose of underwriting a potential insurance policy It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).
    To comply with our legal and regulatory obligations to detect fraud We have your consent
    Internal audit requirements We have a justifiable purpose (to carry out internal audits)
    Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external advice such as legal or tax advice)
    To carry out credit checks We have a justifiable purpose (to carry out credit checks)
    It is necessary to enter into or perform your insurance contract
    Maintaining a record of contact and payment details We have a justifiable purpose (to maintain appropriate records of all payments and to ensure we can contact you)
    It is necessary to enter into or perform your insurance contract
    Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes)
    Debt collection and cash processing We have a justifiable purpose (to collect debt and manage cash flows)
    For business development We have a justifiable purpose (to continuously develop our business according to customer needs and market trends)
    To handle complaints We have a justifiable purpose (to respond and handle all complaints)
    To comply with our legal and regulatory obligations to handle complaints appropriately
    For training, monitoring and quality control We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes)


    Who do we share your personal information with?

    We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:

    Internal disclosures with HSB teams

    Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:

    • Via internal reports 
    • Via access to central IT systems 
    Disclosures to third parties

    We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information. 

    • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company 
    • Fraud detection agencies
    • Any agent or representative acting for you
    • Insurers and reinsurers 
    • Other third parties in the insurance distribution chain who we rely on to administer insurance such as brokers, insurers and other intermediaries
    • Actuaries, including Milliman LLP
    • Auditors (including HSB Group internal audit team and KPMG)
    • Solicitors 
    • Tax advisors 
    • Salvage agents 
    • Debt collection agencies 
    • Credit referencing agencies, including Dun & Bradstreet
    • Loss adjusters (worldwide)
    • IT providers/hosted IT solution providers including:
      • Our US parent company HSB IIC who host our policy administration system and our sanctions checking system;
      • Our ultimate parent company Munich Re who host our email servers
    • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions) 
    • Other third parties involved in claims handling such as claims handlers, investigators and medical experts, witnesses, claimants
    • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner's Office
    • The police, HMRC and other crime prevention and detection agencies
    • The Financial Ombudsman Service
    • Selected third parties in connection with any sale, transfer or disposal of our business
    • Any other person where necessary to perform any insurance contract with you, in order to protect ourselves from risk or to ensure regulatory compliance or good governance

    If you make a claim against an individual or organisation who holds an insurance policy with us, this section will be relevant to you and sets out our uses of your personal information.

    What personal information will we collect?

    • Your name
    • Your address
    • Your telephone number
    • Your email address
    • Any information relevant to a claim made
    • Information gathered from publically available sources such as the electoral roll, newspapers and social media sites
    • Any other information passed on from someone else such as the insured

    What special categories of personal information will we collect?

    • Details about your physical and mental health if relevant (for third party lability claims) which are relevant to your policy.
    • Details about your criminal convictions and any related information for fraud investigation purposes. This will include information relating to any offences or alleged offences you have committed or any court sentences which you are subject to.

    How will we collect your personal information?

    We will collect your personal information:

    • Face to face (directly from you and through third parties e.g. the insured)
    • From you:
      • By telephone - we record calls to and from our Manchester office
      • By email
      • By post
      • Via our website
    • Via a claim form (submitted directly by the insured)

    We will collect your personal information from third parties including:

    • From your representative
    • Loss adjusters
    • Insurers

    We will also collect your personal information from:

    • Publicly available sources including internet search engines, companies house, social media such as LinkedIn, corporate customer websites,electoral roll, court judgments, insolvency registers
    • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
      • Our policy administration systems
      • Our claims systems (which include claims reports and claims payment requests)
      • Our operational risk event records
      • Our electronic content management system (a repository of scanned documents)
    • Other third parties involved in the insurance application process (such as our business partners and representatives)
    • Other third parties involved in claims handling/a claim made such as claims handlers investigators, witnesses
    • Other HSB Group companies

    What will we use your personal information for?

    We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

    • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and to ensure we are not used to further financial crime.
    • We need to use your personal information for a justifiable purpose (e.g. to keep a record of claims made, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests ensure that your rights to privacy does not outweigh our reason for using the personal information in that way.

    When the information that we process is classed as 'special categories of personal information', we must have an additional 'legal ground'. We will rely on the following legal grounds when we process your 'special categories of personal information':

    • We need to use your special categories of personal information for purposes relating to an insurance policy or claim and there is a substantial public interest in such use. Such purposes include managing claims and preventing and detecting fraud.
    • We need to use such special categories of personal information to establish, exercise or defend legal rights.  This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
    • You have provided your consent to our use of your special categories of personal information.

    Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
    Claims investigation/validation and handing claims made under a policy We have a justifiable purpose (to investigate all claims made) It is necessary for the insurance purpose of handling claims
    We need to use your information in order to establish, exercise or defend legal rights
    We have your consent
    Maintaining accounting records We have a justifiable purpose (to maintain appropriate records)
    Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings)
    To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity) There is a substantial public interest to process criminal convictions data for the insurance purpose of handling claims
    To comply with our legal and regulatory obligations to detect fraud It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud)
    We have your consent
    Internal audit requirements We have a justifiable purpose (to carry out internal audits)
    Receiving professional advice (e.g., tax or legal advice) We have a justifiable purpose (to receive professional external advice such as legal or tax advice)
    Maintaining a record of contact details We have a justifiable purpose (to maintain appropriate records to ensure we can contact you)
    Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes)
    For business development We have a justifiable purpose (to continuously develop our business according to customer needs and market trends)
    To handle complaints We have a justifiable purpose (to respond to and handle all complaints)
    To comply with our legal and regulatory obligations to handle complaints appropriately
    For training, monitoring and quality control We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes)


    Who do we share your personal information with?

    We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:

    Internal disclosures with HSB teams

    Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:

    • Via internal reports 
    • Via access to central IT systems 
    Disclosures to third parties

    We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information. 

    • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company 
    • Any agent or representative acting for you
    • Insurers and reinsurers 
    • Other third parties in the insurance distribution chain who we rely on to administer insurance such as brokers, insurers and other intermediaries
    • Actuaries including Milliman LLP
    • Auditors (including HSB Group internal audit team and KPMG)
    • Solicitors 
    • Tax advisors 
    • Salvage agents 
    • Debt collection agencies 
    • Brokers 
    • Loss adjusters (worldwide)
    • IT providers/hosted IT solution providers including:
      • Our US parent company HSB IIC who host our policy administration system;
      • Our ultimate parent company Munich Re who host our email servers 
    • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions) 
    • Other third parties involved in claims handling such as claims handlers, investigators and medical experts, witnesses, claimants
    • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner's Office
    • The police, HMRC and other crime prevention and detection agencies
    • The Financial Ombudsman Service
    • Selected third parties in connection with any sale, transfer or disposal of our business
    • Any other person where necessary to investigate any claim you make, in order to protect ourselves from risk or to ensure regulatory compliance or good governance.

    If you witness an incident which a claim is being made against under an insurance policy we have administered, this section will be relevant to you and sets out our uses of your personal information.

    What personal information will we collect?

    • Your name
    • Your job title
    • Your address
    • Your telephone number
    • Your email address
    • Any information relevant to an incident witnessed
    • Information gathered from publicly available sources such as the electoral roll, newspapers and social media sites
    • Any other information passed on from someone else such as the insured

    What special categories of personal information will we collect?

    Details about your physical and mental health if relevant to the incident you have witnessed.

    How will we collect your personal information?

    We will collect your personal information:

    • Face to face (directly from you and through third parties, e.g. the insured)
    • From you:
      • By telephone – we record calls to and from our Manchester office
      • By email
      • By post
      • Via the internet
    • Via a claim form (submitted directly by the insured)
    • From third parties including from the insured, claimants or other witnesses

    We will also collect your personal information from our internal departments.This includes access by relevant personnel to personal information held in our central IT systems, which include:

    • Our policy administration systems
    • Our claims systems (which include claims reports and claims payment requests)
    • Our operational risk event records
    • Our electronic content management system (a repository of scanned documents)

    What will we use your personal information for?

    We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

    • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and to ensure we are not used to further financial crime.
    • We need to use your personal information for a justifiable purpose (e.g. to keep records of claims, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests to privacy and ensure that your rights to privacy does not outweigh our reason for using the personal information in that way.

    When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":

    • We need to use your special categories of personal information for purposes relating to an insurance policy or claim, it is not feasible to get your consent and there is a substantial public interest in such use. Such purposes include managing claims and preventing and detecting fraud.
    • We need to use such special categories of personal information to establish, exercise or defend legal rights.  This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
    • You have provided your consent to our use of your special categories of personal information.

    Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
    Claims investigation/validation and handing claims made under a policy We have a justifiable purpose (to investigate all claims made) It is necessary for the insurance purpose of handling claims under an insurance policy
    We need to use your information in order to establish, exercise or defend legal rights
    We have your consent
    Maintaining accounting records We have a justifiable purpose (to maintain appropriate records)
    Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings)
    To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity) There is a substantial public interest to process criminal convictions data for the insurance purpose of handling claims
    To comply with our legal and regulatory obligations to detect fraud It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud).
    We have your consent
    Internal audit requirements We have a justifiable purpose (to carry out internal audits)
    Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external advice such as legal or tax advice)
    Maintaining a record of contact details We have a justifiable purpose (to maintain appropriate records to ensure we can contact you)
    Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes)
    For business development We have a justifiable purpose (to continuously develop our business according to customer needs and market trends)
    To handle complaints We have a justifiable purpose (to respond and handle all complaints)
    To comply with our legal and regulatory obligations to handle complaints appropriately
    For training, monitoring and quality control We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes)


    Who do we share your personal information with?

    We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:

    Internal disclosures with HSB teams

    Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:

    • Via internal reports 
    • Via access to central IT systems 
    Disclosures to third parties

    We also disclose your information to the following third parties for the purposes described in above. You can contact us for details of specific disclosures made in respect of your information. 

    • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company 
    • Insurers and reinsurers 
    • Actuaries including Milliman actuarial function
    • Auditors (including HSB Group internal audit team and KPMG)
    • Solicitors 
    • Tax advisors 
    • Salvage agents 
    • Debt collection agencies 
    • Brokers 
    • Loss adjusters (worldwide)
    • IT providers/hosted IT solution providers including:
      • our US parent company HSB IIC who host our policy administration and sanctions checking system; 
      • our ultimate parent company Munich Re who host our email servers
    • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions) 
    • Other third parties involved in claims handling such as claims handlers, investigators and medical experts, witnesses, claimants
    • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner's Office
    • The police, HMRC and other crime prevention and detection agencies
    • The Financial Ombudsman Service
    • Selected third parties in connection with any sale, transfer or disposal of our business
    • Any other person where necessary to investigate the incident you witnessed, in order to protect ourselves from risk or to ensure regulatory compliance or good governance.

    HSB Inspections

    If you are a sole trader customer or an individual client that receives inspection services from us (such as statutory inspections of equipment for health and safety purposes), this section will be relevant to you and sets out our uses of your personal information.

    What personal information will we collect?

    • Your name
    • Your job title
    • Your job history
    • Your home or business address
    • Your telephone numbers
    • Your email address
    • Information which we obtain as part of checking sanctions lists
    • Information gathered from publicly available sources such as internet search engines, customer websites
    • Any other information about your business or location, such as the equipment you wish us to inspect or we have inspected

    What special categories of personal information will we collect?

    • Details about your criminal convictions and any related information. This will include information relating to any offences or alleged offences you have committed or any court sentences:
      • as they relate to fraud
      • as part of an investigation into any relevant health and safety breach or an incident under the 'Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013 (RIDDOR)'

    How will we collect your information?

    We will collect your personal information directly from you:

    • Face to face
    • From you:
      • By telephone – we record calls to and from our Manchester office
      • By email
      • By post
      • Via our website

    We will also collect your personal information from:

    • Your agent or representative
    • Publicly available sources including internet search engines, companies house, credit reference agencies, social media such as LinkedIn and corporate customer websites
    • Third parties such as brokers or insurer partners
    • Information which we obtain as part of checking sanctions lists.
    • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
      • Our contract administration systems
      • Our inspection reports online portal
      • Our inspection appointment scheduling system
      • Our operational risk event records
      • Our electronic content management system (a repository of scanned documents)

    What will we use your personal information for?

    We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

    • We need to use your personal information to enter into or perform theinspection services contract that we hold with you. For example, we need to use your personal information to contact you to arrange an inspection of your workplace.
    • We have a legal or regulatory obligation to use such personal information. For example, the health and safety regulators require us to hold certain records of our dealings with you and to report certain defects discovered as a result of an inspection.
    • We need to use your personal information for a justifiable purpose (e.g. to keep a record of all inspections we carry out, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests and ensure your right to privacy does not outweigh our reason for using the personal information in that way.
    • We need to use your personal information to protect the vital interests of individuals such as employees or members of the public, for example to report a machinery fault that poses a risk to life.

    When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":

    • We need to use such special categories of personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.

    Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
    Arranging and executing inspections and reporting back to the client. It is necessary to enter into or perform your inspection services contract
    We have a justifiable purpose (to report back to you on our findings)
    To report back on defects found during examination of equipment which pose a danger and threaten the well-being of the public We have a justifiable purpose (to report back to you on any defects)
    It is necessary to enter into or perform your inspection services contract
    To comply with our legal and regulatory obligations
    It is necessary to protect the vital interests of your employees or other members of the public
    To investigate health and safety breach or RIDDOR incident We have a justifiable purpose (to investigate health and safety breaches as part of our inspection services offering).
    To comply with our legal and regulatory obligations
    Investigating/validation of facts in the event of a risk event/incident We have a justifiable purpose (to investigate any facts where there is a risk posed)
    It is necessary to enter into or perform your inspection services contract
    Maintaining accounting records We have a justifiable purpose (to maintain appropriate records)
    Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings)
    To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity) It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud)
    To comply with our legal and regulatory obligations to detect fraud We have your explicit consent.
    Internal audit requirements We have a justifiable purpose (to carry out internal audits)
    Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external advice such as legal or tax advice)
    To carry out credit checks We have a justifiable purpose (to carry out credit checks)
    It is necessary to enter into or perform your inspection services contract
    Maintaining a record of contact and payment details We have a justifiable purpose (to maintain appropriate records of all payments and to ensure we can contact you)
    It is necessary to enter into or perform your inspection services contract
    Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes)
    Debt collection and cash processing We have a justifiable purpose (to collect debt and manage cash flows)
    For business development We have a justifiable purpose (to continuously develop our business according to customer needs and market trends)
    To handle complaints We have a justifiable purpose (to respond and handle all complaints)
    Maintaining contact details to provide you with system information We have a justifiable purpose (to provide you with email updates about our inspection report online portal)
    For training, monitoring and quality control We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes)


    Who do we share your personal information with?

    We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:

    Internal disclosures with HSB teams

    Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:

    • Via internal reports 
    • Via access to central IT systems 
    Disclosures to third parties

    We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information. 

    • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company 
    • Any agent or representative acting for you
    • Insurers and reinsurers 
    • Actuaries including Milliman LLP
    • Auditors (including HSB Group internal audit team and KPMG)
    • Solicitors 
    • Tax advisors 
    • Debt collection agencies 
    • Credit referencing agencies, including Dun & Bradstreet 
    • IT providers/hosted IT solution providers including: 
      • our US parent company HSB who host our policy administration and sanction checking systems;
      • our ultimate parent company Munich Re who host our email servers  
    • Financial crime detection agencies and government databases (such as for fraud prevention and
      checking against international sanctions) 
    • Regulators and accreditation bodies,  including  the Information Commissioner's Office
    • The police, HMRC, the Health and Safety Executive and other crime prevention, detection and enforcement agencies
    • Selected third parties in connection with any sale, transfer or disposal of our business

    If you are an employee of a customer that we provide inspection services to, this section will be relevant to you and sets out our uses of your personal information.

    What personal information will we collect?

    • Your name
    • Your job title
    • Your address
    • Your telephone numbers
    • Your email address

    What special categories of personal information will we collect?

    • Details of your physical or mental health (if relevant to any investigation into a health and safety breach or an incident under the 'Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013' (RIDDOR).
    • Criminal records that relate to you (including offences and alleged offences and any court sentence or criminal conviction) if relevant to any investigation into a health and safety breach or an incident under the 'Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013' (RIDDOR).

    How will we collect your information?

    We will collect your personal information from you:

    • Face to face (when we visit you on site)
    • From you:
      • By telephone – we record calls to and from our Manchester office
      • By email
      • By post
      • Via our website

    We will collect your personal information from your employer, where they provide your details for us to speak to or contact when we are conducting inspections or where your information is provided in documentation that your employer provides us with.

    We will also collect your personal information from:

    • Publicly available sources including internet search engines, Companies House, social media such as LinkedIn and corporate customer websites
    • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
      • Our contract administration systems
      • Our inspection reports online portal
      • Our inspection appointment scheduling system
      • Our operational risk event records
      • Our electronic content management system (a repository of scanned documents)

    What will we use your personal information for?

    We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

    • We have a legal or regulatory obligation to use such personal information. For example, the health and safety regulators require us to hold certain records of our dealings with you and to report certain defects discovered as a result of an inspection.
    • We need to use your personal information for a justifiable purpose (e.g. to keep a record of all employees we interact with when we carry out inspections, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests.
    • We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life.
    • When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":
    • We need to use such special categories of personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
    • We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life.

    Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
    Arranging and executing inspections and reporting back to the client We have a justifiable purpose (to report back to on our findings)
    To perform a task in the public interest which is laid down by law, for example the Health & Safety at Work Act
    To report back on defects found during examination of equipment which pose a danger and threaten the well-being of the public and any employees We have a justifiable purpose (to report back to your employer on any defects)
    It is necessary to protect your vital interests as an employee
    To perform a task in the public interest which is laid down by law, for example the Health & Safety at Work Act
    To investigate health and We have a justifiable purpose (to investigate health and safety breaches as part of our inspection services offering) We need to use your personal information to protect the vital interests of individuals such as employees or members of the public, for example to report a machinery fault that poses a risk to life;
    safety breach or RIDDOR incident It is necessary to protect your vital interests as an employee We need to use your information in order to establish, exercise or defend legal rights.
    To comply with our legal and regulatory obligations
    To perform a task in the public interest which is laid down by law, for example the Health & Safety at Work Act
    Investigating/validation of facts in the event of a risk event/incident We have a justifiable purpose (to investigate any facts where there is a risk posed) We need to use your personal information to protect the vital interests of individuals such as employees or members of the public, for example to report a machinery fault that poses a risk to life;
    We need to use your information in order to establish, exercise or defend legal rights.
    We have your explicit consent.
    Maintaining accounting records We have a justifiable purpose (to maintain appropriate records)
    Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings)
    Internal audit requirements We have a justifiable purpose (to carry out internal audits)
    Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external advice such as legal or tax advice)
    Maintaining a record of contact details We have a justifiable purpose (to maintain appropriate records of all individuals we interact with)
    It is necessary to enter into or perform your inspection services contract
    Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes)
    To handle complaints We have a justifiable purpose (to respond and handle all complaints)
    To comply with our legal and regulatory obligations to handle complaints appropriately
    Maintaining contact details to provide you with system information We have a justifiable purpose (to provide you with email updates about our inspection report online portal)
    For training, monitoring and quality control We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes)
    To request and analyse feedback about our services We have a justifiable purpose (to request and analyse customer feedback in order to improve our service and performance)


    Who do we share your personal information with?

    We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:

    Internal disclosures with HSB teams

    Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:

    • Via internal reports 
    • Via access to central IT systems 
    Disclosures to third parties

    We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information. 

    • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company 
    • Your employer
    • Your employer’s agent or representative
    • Insurers and reinsurers 
    • Actuaries, including Milliman LLP
    • Auditors (including HSB Group internal audit team and KPMG)
    • Solicitors 
    • Tax advisors 
    • Debt collection agencies 
    • IT providers/hosted IT solution providers including: 
      • our US parent company HSB who host our policy and contract administration system;
      • our ultimate parent company Munich Re who host our email servers
    • Financial crime detection agencies and government databases (such as for fraud prevention and checking against international sanctions) 
    • Regulators and accreditation bodies,  including  the Information Commissioner's Office
    • The police, HMRC, the Health and Safety Executive and other crime prevention, detection and enforcement agencies
    • Selected third parties in connection with any sale, transfer or disposal of our business
    • Organisations who provide us with administration services, such as direct marketing or customer feedback administration

    If you are a customer or, for example, a council tenant, of an organisation who has engaged HSB Inspections to inspect property at your location (for example, a stair lift), this section will be relevant to you and sets out our uses of your personal information. 

    What personal information will we collect?

    • Your name
    • Your address
    • Your telephone numbers
    • Details of the equipment to be inspected in your home or premises (for example, a stair lift)

    What special categories of personal information will we collect?

    Details of your physical or mental health (if relevant to any investigation into a health and safety breach or an incident under the 'Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013' (RIDDOR).

    How will we collect your information?

    We will collect your personal information from you:

    • Face to face (when we visit your location)
    • From you:
      • by telephone - we record calls to and from our Manchester office
    • We will collect your personal information from our client, where they provide your details for us to speak to or contact you to arrange an inspection or where your information is provided in documentation that they have provided us with.

    We will also collect your personal information from:

    • Brokers or insurers
    • Our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
      • Our contract administration systems
      • Our inspection reports online portal
      • Our inspection appointment scheduling system
      • Our operational risk event records
      • Our electronic content management system (a repository of scanned documents)

    What will we use your personal information for?

    We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

    • We have a legal or regulatory obligation to use such personal information. For example, the regulators require us to hold certain records of our dealings with you and to report certain defects discovered as a result of an inspection.
    • We need to use your personal information for a justifiable purpose (e.g. to keep a record of all individuals we interact with when we carry out inspections, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests. 
    • We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life.
    • We are performing a task in the public interest which is laid down by law, for example performing a statutory inspection of lifting equipment.

    When the information that we process is classed as “special categories of personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "special categories of personal information":

    • We need to use such special categories of personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against our customer.
    • We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life.
    • You have provided your consent to our use of your special categories of personal information. In some circumstances, we may need your consent to process special categories of personal information (e.g. health information). Without it, we may be unable to offer you our inspection services. We will always explain why your consent is necessary.

    Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
    Arranging and executing inspections and reporting back to the client We have a justifiable purpose (to report back to on our findings)
    To perform a task in the public interest which is laid down by law, for example the Health and Safety at Work Act
    To perform a task for insurance purposes
    To report back on defects found during examination of equipment which pose a danger and threaten the well-being of the public and any employees We have a justifiable purpose (to report back to our customer on any defects)
    It is necessary to protect your vital interests
    To perform a task in the public interest which is laid down by law, for example the Health and Safety at Work Act
    To investigate health and safety breach or RIDDOR incident We have a justifiable purpose (to investigate health and safety breaches as part of our inspection services offering) We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life;
    It is necessary to protect your vital interests We need to use your information in order to establish, exercise or defend legal rights.
    To comply with our legal and regulatory obligations We have your explicit consent.
    To perform a task in the public interest which is laid down by law, for example the Health and Safety at Work Act
    Investigating/validation of facts in the event of a risk event/incident We have a justifiable purpose (to investigate any facts where there is a risk posed) We need to use your personal information to protect your vital interests, for example to report a machinery fault that poses a risk to your life;
    We need to use your information in order to establish, exercise or defend legal rights.
    We have your explicit consent.
    Maintaining accounting records We have a justifiable purpose (to maintain appropriate records)
    Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings)
    Internal audit requirements We have a justifiable purpose (to carry out internal audits)
    Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external advice such as legal or tax advice)
    Maintaining a record of contact details We have a justifiable purpose (to maintain appropriate records of all individuals we interact with)
    It is necessary to enter into or perform your inspection services contract
    Maintaining data to perform risk management oversight We have a justifiable purpose (to maintain records for our own risk purposes)
    To handle complaints We have a justifiable purpose (to respond and handle all complaints)
    To comply with our legal and regulatory obligations to handle complaints appropriately
    For training, monitoring and quality control We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes)


    Who do we share your personal information with?

    We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:

    Internal disclosures with HSB teams

    Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:

    • Via internal reports 
    • Via access to central IT systems 
    Disclosures to third parties

    We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information. 

    • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company 
    • Our customer (the organisation who has engaged us to inspect the equipment in your residence or on your premises) 
    • Insurers and reinsurers 
    • Auditors (including HSB IIC internal audit team and KPMG)
    • Solicitors 
    • IT providers/hosted IT solution providers including: 
      • our US parent company HSB who host our policy and contract administration system, 
      • our ultimate parent company Munich Re who host our email servers; 
    • Regulators and accreditation bodies,  including  the Information Commissioner's Office
    • The police, HMRC, the Health and Safety Executive and other crime prevention and detection agencies
    • Selected third parties in connection with any sale, transfer or disposal of our business

    Other

    If you are a broker or other third party with whom HSB Insurance and/or HSB Inspections have an actual or potential business relationship, this section will be relevant to you and sets out our uses of your personal data.

    What personal information will we collect?

    • Your name
    • Your job title
    • Your job history
    • Your address
    • Your telephone number
    • Your email address
    • Your commercial interests, such as involvement in industry initiatives
    • Your personal interests, for example your hobbies
    • Information gathered from publicly available sources such as corporate company websites, credit reference agencies, public registers and social media sites, such as LinkedIn.
    • CCTV images (if you visit our Manchester or London offices)
    • Any other information passed on from someone else such as a mutual business contact

    What special categories of personal information will we collect?

    None.

    How will we collect your personal information?

    We will collect your personal information:

    • Face to face (directly from you and through third parties e.g. business contacts)
    • From CCTV (if you visit our Manchester or London offices)
    • From you:
      • By telephone – we record calls to and from our Manchester office
      • By email
      • Via our website and extranet portals
      • Via the internet
      • Via an application form
      • From events you have attended
    • We will also collect your personal information from our internal departments. This includes access by relevant personnel to personal information held in our central IT systems, which include:
      • Our policy and inspection contract administration systems
      • Our claims systems (which include claims reports and claims payment requests)
      • Our operational risk event records
      • Our electronic content management system (a repository of scanned documents)
      • Our customer relationship management system

    What will we use your personal information for?

    We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

    • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you and to ensure we are not used to further financial crime.
    • We need to use your personal information for a justifiable purpose (e.g. to keep business records, to carry out strategic business analysis, to develop and improve our products and services, to develop our business relationship with you). When using your personal information for these purposes, we will always consider your rights and interests to privacy and ensure that your rights to privacy does not outweigh our reason for using the personal information in that way.
    • We need to use your personal information for the performance of a contract with you or your employer, for example contacting you regarding payment of commission under a Terms of Business Agreement.
    Purpose for processing Legal grounds for using your personal information
    Maintaining accounting records We have a justifiable purpose (to maintain appropriate records)
    To fulfil our contractual obligations to you (to make payments due to you)
    To comply with our legal or regulatory obligation to maintain appropriate records
    Analysis of financial results We have a justifiable purpose (to analyse our financial results and making any adjustments to our business and offerings)
    To carry out credit checks We have a justifiable purpose (to carry out credit checks)
    To prevent and investigate fraud We have a justifiable purpose (to prevent any fraudulent activity)
    To comply with our legal and regulatory obligations to detect fraud
    Internal audit requirements We have a justifiable purpose (to carry out internal audits)
    Receiving professional advice (e.g tax or legal advice) We have a justifiable purpose (to receive professional external advice such as legal or tax advice)
    Maintaining a record of contact details We have a justifiable purpose (to maintain appropriate records to ensure we can contact you)
    To comply with our legal or regulatory obligation to maintain appropriate records
    Maintaining data to perform direct marketing activities We have a justifiable purpose (to contact you regarding events, products, services, news and other topics we believe will be of interest to you or your clients)
    For business development We have a justifiable purpose (to continuously develop our business according to customer needs and market trends)
    To handle complaints We have a justifiable purpose (to respond and handle all complaints)
    To comply with our legal and regulatory obligations to handle complaints appropriately
    For training, monitoring and quality control We have a justifiable purpose (to record calls and review other personal information for training, monitoring and quality control purposes)
    Maintaining data about your business and personal interests We have a justifiable purpose (to help us build our business relationship with you and identify events which you may be interested in attending)
    To request and analyse feedback about our services We have a justifiable purpose (to request and analyse customer feedback in order to improve our service and performance)


    Who do we share your personal information with

    We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties:

    Internal disclosures with HSB teams

    Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspection businesses for the purposes described above including:

    • Via internal reports 
    • Via access to central IT systems 
    Disclosures to third parties

    We also disclose your information to the following third parties for the purposes described above. You can contact us for details of specific disclosures made in respect of your information. 

    • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) – our US parent company 
    • Our mutual clients when arranging inspections
    • Insurers and reinsurers 
    • Actuaries, including Milliman LLP
    • Auditors (including HSB Group internal audit team and KPMG)
    • Solicitors 
    • Tax advisors 
    • Salvage agents 
    • Debt collection agencies 
    • Loss adjusters (worldwide)
    • IT providers/hosted IT solution providers including:
      • Our US parent company HSB IIC who host our policy and contract administration systems;
      • Our ultimate parent company LMP who host our email servers
    • Financial crime detection agencies and insurance industry databases (such as for fraud prevention and checking against international sanctions) 
    • Organisations who provide us with administration services, such as direct marketing or customer feedback administration
    • Other third parties involved in claims handling such as claims handlers, investigators and medical experts, witnesses, claimants
    • Our regulators including the Financial Conduct Authority, the Prudential Regulation Authority and the Information Commissioner's Office
    • The police, HMRC and other crime prevention and detection agencies
    • The Financial Ombudsman Service
    • Selected third parties in connection with any sale, transfer or disposal of our business
    • Any other person where necessary to manage the business relationship we have with you, in order to protect ourselves from risk or to ensure regulatory compliance or good governance

    If you are a user of the HSB website, this section will be relevant to you and sets out our uses of your personal information.

    What personal information will we collect?

    • Information submitted via the website such as your name, contact details and company name and IP address.
    • Information obtained through our use of cookies. You can find more information about this in our Cookie Policy here.

    What special categories of personal information will we collect?

    None.

    How will we collect your personal information?

    We will collect your information directly from our website.

    What will we use your personal information for?

    We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal ground”, when we process your "personal information":

    • We need to use your personal information for a justifiable purpose (e.g. to monitor the number of visitors to our website, to keep business records and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests.
    • We need to use your personal information to enter into or perform an inspection services contract with you. For example, we need to use your personal information to provide you with a quote.

    Purpose for processing Legal grounds for using your personal information Legal grounds for using your special categories of personal information
    To follow up on enquiries you make We have a justifiable purpose (to respond to your queries).
    To monitor website visits, pages visited and downloads/streaming of content We have a justifiable purpose (to monitor the number of visitors to our website and to develop and improve information about our products and services).
    Determining inspection services contract fee It is necessary to enter into or perform an inspection services contract
    We have a justifiable purpose (to determine an appropriate inspection services contract fee)


    Who do we share your personal information with

    We will keep your personal information confidential and will only share it where necessary for the purposes set out above with the following parties

    Internal disclosures with HSB teams

    Personal information is shared between our internal departments and between the HSB Insurance and HSB Inspections businesses for the purposes described above including:

    • Via internal reports 
    • Via access to central IT systems 
    Disclosures to third parties

    We also disclose your information to the following third parties for the purpose described above. You can contact us for details of specific disclosures made in respect of your information. 

    • HSB Group companies (both inside and outside of the European Economic Area), including HSB IIC (US) 
    • Munich Re, our ultimate parent company who host our website
    If you have applied for a job at HSB Insurance or HSB Inspections, this section will be relevant to you and sets out our uses of your personal information.