The privacy and security of personal information is important to McGill and Partners (collectively McGill and Partners Group Ltd, McGill and Partners Ltd, McGill and Partners Services Ltd and MGP McGill and Partners Ireland Limited). This notice explains who we are, the types of personal information we hold, how we use it, who we share it with and how long we keep it. It also informs you of certain rights you have regarding your personal information under current data protection law. The terms used in this privacy notice are based on those provided by the UK Information Commissioner’s Office (ICO). You can find out more about the ICO here: https://ico.org.uk/.
1. Who are we?
McGill and Partners is the data controller of any personal information provided to us when you use our services and is registered with the ICO.
You can contact us for general data protection queries in writing to the Data Protection Officer, McGill and Partners Limited, Suite 806, Gallery 8, 1 Lime Street, London EC3M 7HA or by email to DPO@mcgillandpartners.com. Please advise us of as much detail as possible to comply with your request.
1.2 What information do we collect?
To enable us to provide services to our clients we may collect and use personal information provided to us by our clients or by those with whom we deal on behalf of clients. This information may include, but not necessarily be limited to: name, address, telephone number, email address, postal address, occupation, date of birth, additional details of risks related to the services we provide and payment details (including bank account number and sort code). It may also include personal information (including sensitive personal data) where provided in relation to any claim we may be handling. This information will be collected as it is considered necessary for a legitimate insurance purpose and to meet contractual or regulatory obligations that arise from the provision of insurance-related services to our clients.
We may also collect personal information from third parties such as regulatory authorities, your employer, other organisations with whom you have dealings, government agencies, credit reporting agencies, recruitment agencies, information or service providers and publicly available records.
We only collect and use sensitive personal data where it is critical for the delivery of insurance products and services we provide to our client and as allowed under applicable law. If you object to use of such information we will be unable to offer that product or service.
If you apply for a job or work placement you may need to provide information about your education, employment, racial background and health. In doing so, you expressly consent to our use of this information to assess your application, for our internal recruitment analytics and for such monitoring or screening activities as we may require in accordance with applicable law. We may disclose your personal information to recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment analytics and diversity research providers, referees and your current and previous employers. We may also collect your personal information from these parties in some circumstances.
1.3 How do we use your personal information?
We will only use your information when it is legally permissible for us to do so. This includes to enable us to assess the products and provide the services that our client has requested but we may also, if relevant, use this personal information to:
- Communicate with you
- Develop new products and services
- Undertake statistical analysis
- Comply with a legal or regulatory obligation or requirement
Where you are our client, from time to time we may need to contact you for a variety of reasons relating to the services we provide (for example, to update you on the progress of a claim or to discuss renewal of your insurance contract). To ensure the confidentiality and security of the information we hold, we may need to request personal information and ask security questions to satisfy ourselves that you are who you say you are.
We aim to keep the information we may hold about you as accurate as possible. If you are our client, you can inform us of a change in your details by contacting your usual McGill and Partners contact at any time. Where you are not our client, you can contact our Data Protection Officer using the details provided above.
We may aggregate information and statistics on website usage or for developing new and existing products and services, and we may also provide this information to third parties. Where provided to third parties, these statistics will not include information that can be used to identify any individual, other than in very limited circumstances. For example, personally identifiable information may be held and shared with third parties where necessary for security reasons such as when monitoring access to: (i) data rooms; and (ii) files shared on our OneDrive platform.
1.4 Securing your personal information
We follow strict security procedures in the storage and disclosure of personal information, whether in electronic or paper format, in line with industry practice.
We store all the information provided to us, including information provided via forms you may complete on our website, and information which we may collect from your browsing (such as clicks and page views on our websites).
Any new information you provide us may be used to update an existing record we hold for you.
1.5 When do we share your information?
The insurance lifecycle involves the sharing of your personal data between insurance market participants such as insurers or loss adjusters, some of whom you will not have direct contact with. In these instances, while the information provided will be disclosed to these companies, it will only be disclosed by McGill and Partners to allow for the provision and administration of the service provided (for example verification of any quote given to our client, claims processing, underwriting and pricing purposes, or to maintain management information for analysis).
To help us prevent financial crime, your details may be submitted, where relevant to the insurance cover being sought, to fraud prevention agencies and other organisations where your records may be searched.
We may share information with anyone our client has authorised to deal with us on their behalf. We may also share information with McGill and Partners group entities around the world.
If we provide information to a third party we will require it and any of its agents and/or suppliers to take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice or an equivalent notice or policy.
We will not share your personal information for third party marketing or for any other purposes other than for the purposes set out in this notice without your consent unless required by law to pass on your information to the police or other law enforcement body, or statutory or regulatory authority.
1.6 How long do we keep your information for?
We will not keep your personal information longer than is reasonably necessary for the purpose for which it was originally provided, unless we are required by applicable law or regulation, or have other legitimate reasons to keep it for longer (for example if necessary for any legal or claims proceedings).
Where your personal information is no longer required, it will be securely deleted or stored in a way which means it will no longer be used by us.
1.7 Your rights
There are a number of rights that you have under data protection law. Commonly exercised rights are:
- Access – you may reasonably request a copy of the information we hold about you https://ico.org.uk/your-data-matters/your-right-of-access/
- Erasure – where we have no legitimate reason to continue to hold your information, you have the right to have your data deleted (sometimes known as the right to be forgotten) https://ico.org.uk/your-data-matters/your-right-to-get-your-data-deleted/
If you are unhappy about the way we have handled your data or upheld your rights please contact us in the first instance. If you remain dissatisfied with our response, you can complain to the ICO at any time.
Further details of your rights can be obtained by visiting the ICO website at https://ico.org.uk/your-data-matters/
If you make a privacy complaint, we will respond to let you know how your complaint will be handled. We may ask you for further details, consult with other parties and keep records regarding your complaint.