Barents Reinsurance S.A. (Barents Re) respects your privacy and is committed to protecting your personal information. This Privacy Notice will inform you as to how we look after your personal information and tell you about your privacy rights and how the law protects you.
Employees, contractors, and other personnel of Barents Re should note that a separate Privacy Notice will be made available to them.
This Privacy Notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) in its EU and UK versions.
It applies to:
1. ABOUT US
This Privacy Notice is issued on behalf of Barents Re. so when we mention Barents Re, “we”, “us” or “our” in this Privacy Notice, we are referring to :
For the purposes of the EU/UK GDPR, the Barents Re companies that you have dealings with is the controller of your personal information.
Barents Re is a member of the Barents Re group, more information about the members of the group can be found here: https://www.barentsre.com/contact/
If you have dealings with Barents RE in the EU:
Barents Re is the data controller of personal information in relation to Barents Re business in Luxembourg and the EEA.
Barents Reinsurance S.A
6 Rue du Fort Bourbon,
You can write an e-mail to the relevant above-mentioned address. Please note that we will process your personal data pursuant to Art. 6 (1) c GDPR to be able to process your request and for identification purposes.
Furthermore, you may file a complaint with the supervisory authority responsible for Barents Re:
CNPD (Commission Nationale pour la Protection des Données)
1, Avenue du Rock’n’Roll
You have the right to make a complaint at any time to this authority. We would, however, appreciate the chance to deal with your concerns before you approach the CNPD, so please be kind to contact us in the first instance.
If you have dealings with Barents Re in the UK:
Barents Reinsurance S.A (London Branch) , is the data controller of personal information in relation to Barents Re business in the UK.
Barents Reinsurance S.A
40 Lime Street,
2nd Floor North,
London, EC3M 7AW
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please be kind to contact us in the first instance.
2. PRIVACY PRINCIPLES
We will comply with applicable data protection law. This says that the personal information we hold about you must be:
a. Explicit consent obtained from the data subject;
b. Processing is necessary for the performance of a contract with the data subject or to take steps to enter a contract;
c. Processing is necessary for compliance with a legal obligation;
d. Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official f. authority vested in the controller;
f. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
a. Right to be informed;
b. Right of access;
c. Right to rectification;
d. Right to erasure;
e. Right to restrict processing of their data for direct marketing purposes;
f. Right to data portability;
g. Right to object;
h. Rights in relation to automated decision making and profiling;
i. Right to withdraw consent; and
j. Right to lodge a complaint.
Please refer to “Your Rights” section for detailed explanation of each Right and Barents Re duties as Data Controller.
3. HOW DO WE USE YOUR DATA?
The personal information that we collect will depend on our relationship with you. The different processing activities are detailed in the chapters below. Please note, in certain circumstances we may request and/or receive “sensitive” personal information about you.
Personal information is defined in the GDPR as any information relating to an identified or identifiable natural person. It can include obvious data like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Sensitive personal information or special category data includes data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.
1.1 When you submit a contact request via the barentsre.com website
When you submit a contact request via the group’s website, this request may be forwarded to us. In the contact form, we ask for your name, first name, email address, phone number.
We use this information to respond to your request for information, including providing you with all requested information about our products and services. We can also contact you several times after your contact request to follow up on your enquiries. We will do so based on our legitimate interest in providing accurate information before and after a sale or request for information or contact.
We keep e-mails requesting information for a period of two years, after which these emails are permanently deleted.
1.2 When you are applying for a job at our company
We collect personal information about candidates through the application and recruitment process, either directly from candidates or sometimes from third parties (including recruitment agencies and social media profiles). Recruitment agencies which collect and use your personal information, including for the purpose of introducing you as a candidate to Barents Re, act as the controller of your personal information for that purpose and so are subject to a separate Privacy Notice provided by the agencies to you.
We use this information in our legitimate interest to select the right candidate for the open job position.
Should you be successful in your application, we will only transfer personal information to your employment record if it is relevant to your ongoing working relationship with Barents Re.
Should you be unsuccessful in your application, we will securely destroy your application details latest 6 months after the open position has been filled, but will keep on file your name, any additional identifiers required to distinguish candidates of the same name and the position for which you applied for future recruitment purposes.
1.3 When you are contact person at a supplier or vendor
If you are our contact person at a supplier or vendor to Barents Re, we will collect, use and store limited amounts of personal information relating to you, including your name, job title, qualifications, employer or parent organisation and contact details.
We will use this data for the management of our contractual relationship and maintaining records of goods, services or advice we have received, and commissioning further services or procuring further goods.
The personal information we hold about suppliers and professional advisers will be shared with:
Our legal basis for collecting, using and storing personal information that you provide to us is that such processing is necessary for our legitimate interests in operating our business.
1.4 When we are in contact for business purposes
If you are a legal representative, an ultimate beneficial owner (UBO) or a member of the board of directors of a party who has a policy with us under which it is insured, we collect your identification data, financial data, academic curriculum, legal data related to suspicions and legal data regarding judicial actions. Please be aware that this is not an exhaustive list. We receive this information either directly from you or indirectly from the cedants or brokers where the party has a policy. We collect this information to fulfil our legal obligations concerning AML and KYC regulations.
We store this data for the duration of the contract and 10 years beyond.
If you are a life insurance policy holder of a party who has a policy with us under which it is insured, we may collect your identification data, insurance amount, occupation and medical reports (like blood & urine tests, ECG, and other). We collect this data from the party you have an insurance policy.
We use this data to determine the conditions of the policy with your life insurance policy holder.
Our legal basis for collecting, using, and storing this data is that such processing is necessary for our legitimate interests in operating our business.
Your data will be deleted latest one year after the end of the contract.
In some cases, we may share your information with 3rd parties specialized in the analyses of medical risks.
4. YOUR RIGHTS
1.1 RIGHT TO BE INFORMED
You have the right to be informed about the collection and use of your personal data. Accordingly, at the time of collection of your personal data you shall be provided with the following information: (i) purposes for processing their personal data, (ii) retention periods for that personal data, and (iii) who it will be shared with.
1.2 RIGHT OF ACCESS
You are entitled to access your personal data and supplementary information to be aware of and verify the lawfulness of the processing.
Please be aware that we must verify the identity of the person making the request. If you make a formal request, your personal information will be provided to you in writing. If your request is made electronically, we would provide the information in a commonly used electronic format. If the request is made through a phone call, the caller’s identity will be checked to make sure that information is only given to a person who is entitled to it and suggest that the callers put their request in writing.
The right to obtain a copy of information or to access personal data should not adversely affect the rights and freedoms of others.
There will not usually be a charge for dealing with these requests.
1.3 RIGHT TO RECTIFICATION
We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if this is not the case, you can ask us to update or amend it by emailing us at [email protected] by providing the details shown in your policy and any other relevant documentation.
1.4 RIGHT TO ERASURE
In certain circumstances (e.g., where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent) you have the right to ask us to erase your personal information. However, this will need to be balanced against other existing obligations we may have, for example, duty to comply with a legal obligation, or for the establishment, exercise or defence of legal claims.
1.5 RIGHT TO RESTRICT PROCESSING OF THEIR DATA FOR DIRECT MARKETING PURPOSES
In certain circumstances, you can limit the way we use your data. This is an alternative to requesting the erasure of your data. Where you have a particular reason for wanting the restriction (for example where you think that the personal information, we hold about you may be inaccurate or where you think that we no longer need to process your personal information) you are entitled to ask us to stop using your personal information.
1.6 RIGHT TO DATA PORTABILITY
In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice if this is technically feasible. Once transferred, the other party will be responsible for looking after your personal information.
There will not usually be a charge for dealing with these requests.
1.7 RIGHT TO OBJECT
You have the right to object to us processing your information where we are processing data in connection with our business. In such cases, we will stop processing unless we can demonstrate compelling legitimate grounds for continuing the processing which override your interests.
If you have concerns about how we are using your information and believe that this should stop, you can email us at [email protected]
1.8 RIGHTS IN RELATION TO AUTOMATED DECISION MAKING AND PROFILING.
Some of our decisions are made automatically by inputting your personal information into a system or computer and the decision is taken using automatic processes rather than our employees making those decisions. We may use automatic processes, for example, to verify your identity or to decide your premium.
You have a right not to be subject to automated decision-making, including profiling, and can object to such automated decision-making, including profiling by emailing us at [email protected]
Notwithstanding the above, please bear in mind that in some circumstances, if you opt out of the automated decision-making, we may not be able to offer you a quote or policy as some automated decisions are necessary to provide your policy(ies).
1.9 THE RIGHT TO WITHDRAW CONSENT
For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information, subject to the data concerned not being essential for future processing (please note we may not be able to process your policy(ies) if you withdraw your consent). In these circumstances, the Subject Access and Consent Withdrawal Procedure must be followed.
1.10 THE RIGHT TO LODGE A COMPLAINT
You have a right to complain to the relevant data protection agency in our main countries of operation (Commission Nationale pour la Protection des Données – Luxemburg, Information Commissioner’s Office – United Kingdom) or any other relevant data protection agency which may be, from time to time, entitled to resolve such complaint, if you object to the way in which we use your personal information.
5. INFORMATION SHARING
We might share your personal information with:
This might include disclosure of your personal information to a third party which will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them.
We may also disclose your personal information to other third parties where:
Any sharing will be kept strictly confidential and will only be used for the reasons described above.
6. INTERNATIONAL TRANSFERS
In some circumstances, we are required to transfer your personal information from within the UK or the European Economic Area (EEA) to non-European Economic Area or non-UK countries (referred to in the GDPR as ‘third countries’) for being necessary for the performance of your contract. Where we transfer your personal information outside of the EEA we will implement the required measures to ensure that your personal information is protected. Such measures may include entering into Standard Contractual Clauses with the party we are transferring personal information.
For your protection and the protection of your personal data, such data transfers are subject to appropriate safeguards pursuant to and in accordance with the statutory requirements (especially application of EU Standard Contractual Clauses), or the EU Commission has issued an adequacy decision (Art. 45 GDPR).
For information on EU Standard Contractual Clauses, refer to :
The EU Commission makes the information on its adequacy decisions available under https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu
Moreover, we are under the statutory obligation to provide personal data to national and international authorities ((Art. 6 (1) c GDPR) in conjunction with local and international regulations and treaties).
7. CHANGES TO THIS NOTICES
We keep this notice under regular review.
From time to time we may need to make changes to this Privacy Notice as a result, for example, of changes in the data protection regulations. You should check the Barents Re website periodically to view the most up to date Privacy Notice.