Privacy Policy

We are committed to maintaining the accuracy, confidentiality and security of your personal information.  This Privacy Policy describes the personal information that we collect from you or about you and how we use it and to whom we disclose this information. 

As a business regulated by the Guernsey Financial Services Commission, we may on occasion need to process your data to comply with the regulatory requirements or fulfil the obligations of a contract we have entered with you. 
 

What is personal information?

For the purposes of this Privacy Policy, personal information is any information about an identifiable individual, other than the person’s business title or business contact information when used or disclosed for the purpose of business communications.  Personal information does not include anonymous or non-identifiable information (i.e. information that cannot be associated with or tracked back to a specific individual). 

Personal Information we collect, process, hold and share includes: 

• Name 
• Residential address 
• Contact details 
• Date of birth 
• Proof of identity 
• Background check data 
• Bank details 
• Occupation 
• Marital status 
• Special categories of data including medical and criminal information.

Why we collect and use this information 

• Establishing and maintaining communications with you 
• Providing our contracted services to you in arranging insurance cover and handling claims 
• Collecting, forwarding and refunding of premiums 
• Processing transactions through service providers 
• Complying with any requirement of Law, Regulation or reporting to a Regulatory or Tax authority 
• Undertaking anti-fraud, sanction, anti-money laundering and the countering of the financing of terrorism and other checks to protect against fraud, suspicious or other illegal activities. 

In the future, if we intend to process your personal data for a purpose other than that which it was collected, we will request your consent where necessary and provide you with information on that purpose and any other relevant information. 
 

The lawful basis on which we process this information 

The Company processes your personal data in order to comply with its legal obligations.  Any special category data processed is also in order to comply with a legal or contractual obligation and in order to process any insurance claim. 
 

Collecting this information 

Much of the information we hold will have been provided by your insurance intermediary as part of their contract with us.  When processing a claim, we may also obtain information directly from you.  We do not use automated decision making (including profiling) in any circumstances. 
 

Storing this information 

We hold your personal data both in hard copy files and on IT systems.  The information will be stored until the expiration of a period of six years after the termination of our relationship with the scheme which you have been a member of. 

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
 

Who we share this information with

Personal data may be shared with our senior management and employees of our Insurance Manager, Robus Risk Services (Guernsey) Limited, a company regulated by the Guernsey Financial Services Commission.  Information may also be shared with the Company’s auditors and parties that provide certain information technology and data processing services to us so that we may operate our business. 

In limited and necessary circumstances, your information may be transferred outside of the European Union, or countries not appearing on the Adequacy list, or to an international organisation, to comply with our legal or contractual requirements.  Those transfers would always be made in compliance with relevant data protection legislation and we would ensure that appropriate safeguards to protect your personal data were put in place. 
 

Your Rights

Under the General Data Protection Regulation (GDPR) and the Data Protection (Bailiwick of Guernsey) Law, 2017 (the DP Law), you have certain rights with regards to your personal data.  You have the right to request from us access to and rectification of your personal data.  If you would like access to the data we hold, we must receive a request in writing in order to fulfil the request. This request should be sent to us by email or by regular post as per the contact details stated below. 

In certain circumstances, you have the right to request erasure of your personal data, the right to restrict processing, object to processing, and the right to data portability. 
If you have provided consent for the processing of your data, you have the right to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. 

You have the right to file a complaint with the Data Commissioner’s Office in Guernsey if you believe that we have not complied with the requirements of GDPR or the DP Law with regard to your personal data.  

We are controller and processor of data for the purposes of GDPR and the DP Law. If you have any concerns as to how your data is processed, you can contact our Compliance Officer:

Email at  compliance@universalig.com

Or by post to at:  Universal Insurance Company (Guernsey) Limited, Lefebvre Court, Lefebvre Street, St Peter Port, Guernsey, GY1 2JP