Privacy Policy
MS Amlin is committed to protecting and respecting your privacy.
This Privacy Notice explains how we, MS Amlin Insurance and its branches, handle any personal data we collect or receive about you, whether you are a broker, agent, other insurance intermediary, insured party, claimant or other insurer or whether you are in another (business) relation with us. It also covers how we use information of individuals whose data we process in connection with our products and services, even if you are not a current or prospective customer or beneficiary of our products and services, such as witnesses. We refer to personal data as any information relating to you or another living individual who is identifiable by us.
For information about what cookies are and how we use them, please read our Cookie Policy.
Where you provide us with personal data about other individuals, you must provide this Privacy Notice to them.
Who we are
We are MS Amlin Insurance SE, a company incorporated under Belgian law having its registered office in Belgium, 1030 Brussels, Koning Albert-II laan 37, and registered in the Crossroads Bank for Enterprises under number 0644.921.425 (hereinafter “we”). We have branches in the Netherlands, France and the UK.
We seek to comply with the principle of “data minimisation”. This means we work to ensure that we avoid collecting or processing data other than the types and volume of personal data required to achieve the purposes set out in this Privacy Notice. We also use a combination of technical and organisational measures to protect information in line with our obligations under data protection laws. Our staff receives training to help us comply with data protection laws and safeguard your privacy.
How to contact us
We can be contacted via post and email at the below addresses.
Post:
The Data Protection Officer
MS Amlin Insurance SE
Koning Albert-II laan 37
1030 Brussels
Belgium
Email: privacy@msamlin.com
Our Data Protection Officer will handle any questions you may have on the use of your personal data and your rights.
Your rights
You have the right:
- to be informed about the processing of personal data related to you
- to obtain a copy of your personal data held by us
- to have any incorrect personal data updated
- to request the erasure of any of your personal data
- to restrict the use of your personal data
- to object to the use of your personal data
- to request the personal data you provided to us to be moved to another organisation
- not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. See below for more information on “Automated decision making and profiling”.
If you wish to exercise any of these rights please contact us stating your request, verifying your identity and providing your contact details. In order for us to respond to your requests effectively and efficiently, contact the Data Protection Officer using the details above.
We aim to respond to all valid requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked. This is because your rights will not always apply, e.g. if it would impact the duty of confidentiality we owe to others, or if the law allows us to deal with the request in a different way. We will always explain to you how we are dealing with your request. In some circumstances (such as the right to erasure or withdrawal of consent), exercising a right might mean that we can no longer provide our products to you.
Complaints about our use of your personal data
We take complaints made to us seriously. We would expect that any complaint can best be dealt with by contacting us in the first instance. However, if you wish to complain about our use of your personal data, and do not wish to contact us first, you also have the right to complain directly to the relevant supervisory authority. The competent supervisory authority depends on your situation. Full details on the supervisory authorities of the following countries can be found on the websites hereunder:
UK – https://ico.org.uk/
France – https://www.cnil.fr/fr
Belgium – https://www.dataprotectionauthority.be/
Netherlands – https://autoriteitpersoonsgegevens.nl/nl
Updates to this notice
This Privacy Notice is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it’s as transparent as possible.
Last updated: December 2023
Information about you and how we use it
Types of personal data we hold
We capture and process a variety of different types of personal data depending on the nature of the services involved. This may include:
Individual details – Name, address, email address, telephone numbers, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you and other details related to your status as an ultimate beneficial owner
Official identification details – Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, enterprise number, tax identification number and driving licence number
Financial information – Bank account or payment card details, income or other financial information
Risk details – Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include health data and criminal convictions. For certain types of policies, this could also include the number of claim-free years and telematics data (telematics data is data relating to where and how you or those covered drive and captures information relating to speed, acceleration, braking and other similar data)
Policy information – Information about the quotes you receive and policies you take out
Anti-fraud data – Sanctions, criminal offences and information received from various anti-fraud databases relating to you (including claims history, trustworthiness and morality)
Previous and current claims – Information about previous and current claims (including other unrelated insurances), which may include data relating to your health and criminal convictions
Sometimes we may need to process special categories of personal data. These are certain types of personal data which require additional privacy protection, such as biometric data and health data. Personal data and special category data, in particular health data, may be required to allow us to provide a quote or consider your claim. For example, health data are needed to handle medical liability claims.
We collect data about children in some circumstances, e.g. where a child is insured on an adult’s policy, where a child takes out a policy with us, car insurance for under 18s, or where a child is a claimant.
Sources of personal data
We may obtain personal data directly from you, including from applications and claims forms that you complete, communications between us, your participation in market research, your use of our website, as well as details from the devices you use to interact with our website or a telematics device, if relevant.
We may also receive your information from our policyholders e.g. when:
- you are a joint policyholder, named driver or otherwise a beneficiary under a policy;
- you are witness to an incident;
- you are claiming against one of our policyholders;
- one of our policyholders is claiming against you;
- you are providing professional services e.g. as a medical expert.
We may also obtain personal data from third parties, including:
- Third parties who provide you with services relating to your product or claim, e.g. roadside assistance providers;
- Third parties who provide us, or a third party insurer relevant to your product or claim, with services, e.g. loss adjusters, claims handlers, legal advisers, banks and private investigators;
- Third parties involved in your product or claim, e.g. other insurers, brokers, claimants, defendants and witnesses to an incident;
- Healthcare providers;
- Financial crime, fraud or uninsured detection agencies, databases and sanctions lists, including the Stichting EPS who are the data controller for the Roy Data System, the Motor Insurers’ Bureau (MIB) who are the data controller for the Motor Insurance Database (MID), the Claims and Underwriting Exchange (CUE), Motor Insurance Anti-Fraud Theft Register, No Claims Discount Database, Whiplash Reforms Programme, Employers’ Liability Tracing Office (ELTO) and Insurance Fraud Bureau (IFB);
- Government agencies and regulatory bodies including the police, the courts, the Crossroads Bank for Enterprises (CBE), the Financial Services and Markets Authority (FSMA), the National Bank of Belgium (NBB), the KBIS register, the ORIAS register, the Driver and Vehicle Licensing Agency (DVLA), Driver and Vehicle Standards Agency (DVSA), the Department for Work and Pensions (DWP), Companies House and HM Revenue & Customs (HMRC);
- Third parties who provide us with details of individuals who have expressed an interest in hearing about insurance products;
- Third parties who provide services in relation to your policy or claim, including checking no claims discounts;
- Third parties who help us maintain the accuracy of our data, e.g. by identifying individuals who are deceased, updating contact details for individuals who have moved;
- Publicly available sources including the Office for National Statistics (e.g. census data) and other data made available under the Open Government Licence, internet searches, news articles, online marketplaces and social media sites, apps and networks (e.g. Twitter, Facebook and Instagram); and
- Providers of marketing and advertising services.
Why we use your personal data
We collect your personal data to help us with advising on, arranging, underwriting or administering an insurance contract or administering a claim under an insurance contract. Specifically:
a. Advising on, arranging and underwriting your policy, including:
- Understanding your insurance requirements to offer you a product that matches your needs and circumstances
- Gaining a reasonable understanding of the nature of the risk to be covered by the policy
- Providing competitive and appropriate pricing
- Contacting you to renew your policy for another year
- Processing payments and refunds
b. Administering your policy, including:
- Managing any changes to your policy
- Providing and improving client services as appropriate, including by recording and monitoring telephone calls
- Maintaining contact with you and relevant third parties, for issues relating to your policy and general customer contact
c. Administering your claims, including:
- Registering your claims
- Assessing your claims, including any liaison with third parties potentially involved in your claims, e.g. communications regarding car repairs or health information
- Running due diligence checks e.g. money laundering, claims history, trustworthiness and morality
- The investigation of fraudulent claims
- The defence of or prosecution of valid and legal claims
d. Compliance with legal requirements:
We must comply with legal requirements, which include the following:
- legislation governing insurance contracts obliges insurance companies to prepare contract documents and to keep them on record throughout certain statutory retention periods.
- insurance companies must deploy all possible means to prevent and uncover instances of money laundering and report them to the authorities. We must therefore take the necessary steps for this.
- insurance companies are required to screen customers and other parties (e.g. persons to whom payments are made) against sanctions lists in the context of the part they play in fighting terrorism and their obligations under sanctions rules.
- insurance companies are responsible for processing transactions through their accounting.
- We use your personal data to manage complaints, including to allow us to respond to complaints, or challenges you or others might raise later. We may be obliged to forward details about your complaints, including your personal data, to the appropriate authorities, e.g. the relevant ombudsman.
- insurance companies are responsible for appropriately controlling risks. They are required to detect, prevent, mitigate and address risks. Examples include insurance, counterparty and market risk, risks concerning information management and statutory compliance, the risk of staff, customer and/or supplier fraud, the risk of unethical behaviour by staff or breaches by them of their duties of care.
- insurance companies must also be able to respond correctly when you exercise your rights under the data protection legislation. We are also required to answer questions from the Data Protection Authority, for example, in the event of complaints.
- insurance companies must submit reports to and be able to answer questions from the regulators of financial institutions, such as the Belgian Financial Services and Markets Authority (FSMA), the National Bank of Belgium, the Dutch Association of Insurers, the Ombuds Services, the UK Financial Conduct Authority (FCA).
- insurance companies also have to respond to enquiries put to them by the courts administration (covering law enforcement right from the police, the office of the public prosecutor, investigating judges and trial courts). These concern questions in the context of police legislation and (criminal) judicial procedure (including the Criminal Procedure Code).
- in order to comply with the European Directive on the protection of whistle-blowers, we may process personal data, taking into account the obligations regarding whistle-blowers’ confidentiality and anonymity during and after the investigation, and report the result internally and to the relevant authorities.
e. Marketing
We may use personal data to send direct marketing communications about our products and services that we feel you’ll be interested in. This may include communications about promotions and activities.
Marketing communications may be sent by email, post and push notification. You may also see display advertising on websites, mobile applications, social media or in online search results. You have control over our use of your personal data in relation to marketing communications. You can:
- ‘Opt out’ of receiving direct marketing.
- Change your marketing preferences at any time by emailing the Data Protection Officer at privacy@msamlin.com.
f. Allowing us to operate effectively as a company
In addition to the purposes set out above, we have certain ulterior legitimate interests on the basis of which we process personal data. In that regard, we ensure that the impact on your privacy is kept to a minimum and that, in all events, our legitimate interests remain proportionate to the impact that upholding them has on your privacy. However, if you object to this data being processed, you can exercise your right to object. We will respect your objections, unless we have compelling reasons for not doing so. There are various situations in which we process personal data, including the following:
- we use your personal data for the administration, (risk) management and oversight of our organisation, such as the legal department (including dispute management and legal risks), risk management (such as insurance risk calculations vis-à-vis customers and groups of customers worldwide), risk functions (e.g., compliance, for all duties not strictly required by law but that are in fact necessary or useful) and inspections and internal and external audit. We retain personal data for possible future evidential use. Storage may be entrusted to outside third parties.
- we use your personal data to conduct analyses (e.g. of our customers and the products they select) and generate statistics for various purposes such as more effective internal control, fraud analysis and combating fraud, risk analysis, security and other non-commercial purposes.
- we use your personal data for internal and regulatory reporting, for risk management, for the organisation of internal controls, and to defend rights and communicate as a company.
- we may also process your personal data within the scope of the decision to terminate a customer relationship if there is a serious breach of trust, for example, in the case of identified actions that are inconsistent with fraud-related regulations or ethical principles.
- we may use your personal data for the testing of our systems and processes where imitation data is unavailable. Testing which uses personal data will only be carried out in limited circumstances and only when appropriate safeguards and controls have been put in place.
- we may utilise personal data to support and simplify the processes of customers beginning to use, using and ceasing to use products and services, including avoiding resubmitting information you’ve already submitted.
- we may also utilise personal data for determining, exercising, defending and preserving our rights or the rights of persons we might represent (e.g., in disputes).
- we can use your personal data to create synergy, increase efficiency and produce other benefits for our organisation and processes.
Our legal bases for processing your personal data
We are committed to collecting and using personal data in accordance with applicable data protection laws. In certain countries, by law, we must have a legal justification, known as a lawful basis, in order to use your personal data for the purposes described in this Privacy Notice. Depending upon the purpose, our lawful basis will be one of the following:
- Performance of a contract – to arrange, underwrite or manage our products, or handle claims in accordance with their terms;
- Compliance with a legal obligation – to meet responsibilities we have to our regulators, tax officials, law enforcement, or other legal responsibilities;
- Legitimate interests – to operate and improve our products and services and keep people informed about our products and services or for any other purposes we identify as appropriate to our business needs, or those business needs of a third party;
- Consent – where we have obtained appropriate consents to collect or use your Personal Information for a particular purpose.
Where we rely on legitimate interest as our lawful basis, we are required to carry out a balancing test to ensure that our interests, or those of a third party, do not override the rights and freedoms that you have as an individual. The outcome of this balancing test will determine whether we can use your personal data for the purposes described in this Privacy Notice.
Our legal bases for the use of Personal Information, where required. Purpose and lawful basis for processing personal data
Communicating with you and others including complaints handling
- Performance of a contract
- Compliance with a legal obligation
- Legitimate interests
Evaluating your application or renewal or to provide a quote
- Performance of a contract
- Legitimate interests
Provision of our services and administration of a policy including taking payment
- Performance of a contract
- Compliance with a legal obligation
- Legitimate interests
Managing third party relationships
- Performance of a contract
- Legitimate interests
Management of claims
- Performance of a contract
- Compliance with a legal obligation
- Legitimate interests
Financial or other crime, fraud and credit checks
- Performance of a contract
- Compliance with a legal obligation
- Legitimate interests
Improving quality, training and security
- Legitimate interests
Managing our business operations e.g. accounts, financial analysis, IT applications and systems decommissioning, internal audit
- Compliance with a legal obligation
- Legitimate interests
Marketing preferences
- Legitimate interests
- Consent
Where we collect and use special categories of personal data we may be required to have an additional, specific lawful basis to process such information. We usually rely upon one of the following legal bases:
- Reasons of substantial public interest:
  - insurance purposes – including advising on, arranging, underwriting and administering contracts of insurance, administering claims under a contract of insurance and exercising rights, or complying with obligations that arise in connection with contracts of insurance;
  - complying, or helping someone else comply with, a regulatory requirement relating to unlawful acts and dishonesty – including regulatory requirements to carry out money laundering checks;
  - preventing or detecting unlawful acts – including disclosures to competent authorities;
  - preventing fraud – including investigating alleged fraud;
  - safeguarding the economic well-being of certain individuals – including where we identify additional support required by our customers;
  - equality of opportunity or treatment – including where we need to keep under review the equality of treatment of customers with additional support needs.
- Necessary to establish, exercise or defend a legal claim – including where we are faced with legal proceedings, we bring legal proceedings ourselves or where we are investigating legal proceedings that a third party has brought against you;
- Information has been clearly or obviously made public by you.
Where we cannot rely on one of the above lawful bases to process your special categories of personal data for a particular purpose, we will seek your explicit consent.
Who we share personal data with
To allow us to meet our obligations and effectively provide our services to you, it may be necessary to share your personal data with MS Amlin subsidiaries and external parties. These external parties may include:
- Anti-fraud databases
- Claims handlers
- Lawyers and Solicitors
- Industry bodies, e.g., Dutch Association of Insurers
- Loss adjusters
- External parties involved in the claim
- Private investigators
- The police and law enforcement
- The statutory auditor
- The Motor Insurers’ Bureau – MIB
- The Stichting EPS – Roy Data System
- External parties involved in the investigation, defence or prosecution of claims
- Other insurers (under court order or to prevent and detect fraud)
- The Prudential Regulatory Authority, the National Bank of Belgium, the Financial Conduct Authority, the Information Commissioner’s Office, the Data Protection Authority and other regulators as required by law
- Our suppliers and sub-contractors for the performance of any contract we have with them
- Reinsurers
Your data will be shared securely, and only when absolutely necessary. It will never be sold on to external parties or organisations for marketing purposes.
If you give us false or inaccurate information and we suspect fraud, we will record this to prevent further fraud and money laundering. This may be shared between insurers and with fraud prevention agencies and databases.
Ongoing storage and use of your personal data
We will not keep personal data for longer than necessary for the purpose for which it is processed. It will be retained in accordance with our Data Retention Standard. Laws or regulations may require us to keep records for specific periods of time. We may also need to keep records in order to administer the insurance relationship, to fulfil our contractual or statutory obligations or to resolve queries or disputes which may arise.
We will store your personal data based upon the following criteria:
- Whether the personal data is actively required for the purposes stated in this Data Privacy Notice
- Whether there is a legal or regulatory reason to continue to retain the personal data
International data transfers
In principle, we do not transfer or share your data outside the European Economic Area and the United Kingdom. When personal data are transferred outside the EU, we only transfer your personal information to countries that are considered by those laws to provide an adequate level of protection or otherwise where we have established or confirmed that all data recipients will provide an adequate level of data protection, in particular by way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (e.g., Commission Implementing Decision (EU) 2021/914) and other suitable measures, which are accessible from us upon request.
Automated decision making and profiling
In some cases we use an automated decision making process to generate a quote to provide you with an insurance service; this process will use the information which you have provided to us, other records we hold about you in our systems and data sourced from third parties to make predictions, including the likelihood that a claim will be made and its value, the likelihood a product will be purchased and the likelihood that a claim might be fraudulent, to make an overall assessment of your application. This assessment will consider the level of risk involved and if applicable, generate a quote for the insurance service. We also make automated decisions throughout the life of your policy, e.g. before offering you a renewal or when dealing with a claim.
We use profiling and data analysis to build, train, market and audit our services.
The automated decision making and profiling process is regularly tested to ensure it remains fair, effective and unbiased. If you object to the use of automated decision making or require information about the logic involved in relation to the decision, to challenge it or would like to exercise the right to human intervention, please call us on the telephone number displayed on the quote generation page.