
Privacy Notice

Luxembourg

Barents Reinsurance S.A. (Barents Re) respects your privacy and is committed to protecting your personal information. This Privacy Notice will inform you as to how we look after your personal information and tell you about your privacy rights and how the law protects you.

Employees, contractors, and other personnel of Barents Re should note that a separate Privacy Notice will be made available to them.

This Privacy Notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) in its EU and UK versions.

It applies to:

  • individuals with whom Barents Re may have had contact for business purposes, either on our own account or on behalf of third parties or organisations,
  • individuals who are employed by or otherwise associated with Barents Re’s suppliers, vendors, or professional advisors,
  • individuals who are involved in transactions or potential transactions which are evaluated or conducted by Barents Re or any of Barents Re’s sub-advisors,
  • individuals with whom Barents Re has contact during a recruitment process.

1. ABOUT US

This Privacy Notice is issued on behalf of Barents Re, so when we mention Barents Re, “we”, “us” or “our” in this Privacy Notice, we are referring to:

  • Barents Reinsurance S.A in Luxembourg
  • its UK branch: Barents Reinsurance S.A (London Branch)

For the purposes of the EU/UK GDPR, the Barents Re company that you have dealings with is the controller of your personal information.

Barents Re is a member of the Barents Re group. More information about the members of the group can be found here: https://barentsre.com/contact/

If you have dealings with Barents Re in the EU:

Barents Re is the data controller of personal information in relation to Barents Re business in Luxembourg and the EEA.

Contact:

Barents Reinsurance S.A
6 Rue du Fort Bourbon,
L-1249 Luxembourg
mailto:[email protected]

You can write an e-mail to the relevant above-mentioned address. Please note that we will process your personal data pursuant to Art. 6 (1) c GDPR to be able to process your request and for identification purposes.

Furthermore, you may file a complaint with the supervisory authority responsible for Barents Re:

CNPD (Commission Nationale pour la Protection des Données)
1, Avenue du Rock’n’Roll
L-4361 Esch-sur-Alzette
Web: https://cnpd.public.lu.html

You have the right to make a complaint at any time to this authority. We would, however, appreciate the chance to deal with your concerns before you approach the CNPD, so please be so kind as to contact us in the first instance.

If you have dealings with Barents Re in the UK:

Barents Reinsurance S.A (London Branch) is the data controller of personal information in relation to Barents Re business in the UK.

Contact:

Barents Reinsurance S.A
40 Lime Street,
2nd Floor North,
London, EC3M 7AW
United Kingdom
mailto:[email protected]

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please be so kind as to contact us in the first instance.

2. PRIVACY PRINCIPLES

We will comply with applicable data protection law. This says that the personal information we hold about you must be:

1. FAIR AND LAWFUL PROCESSING: Personal information you provide is processed fairly, lawfully and in a transparent manner in accordance with the six circumstances set out by GDPR as a lawful basis of processing personal data:

a. Explicit consent obtained from the data subject;
b. Processing is necessary for the performance of a contract with the data subject or to take steps to enter a contract;
c. Processing is necessary for compliance with a legal obligation;
d. Processing is necessary in order to protect the vital interests of the data subject or of another natural person;
e. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
f. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

2. COLLECTED FOR SPECIFIC, EXPLICIT AND LEGITIMATE PURPOSES: Personal information you provide is collected for a specific purpose, is not processed in a way which is incompatible with such purpose, can only be used for that purpose and the use must be consistent with those set out in any privacy or consent notice used to obtain the data.

3. ADEQUATE, RELEVANT AND NOT EXCESSIVE FOR THE PURPOSE: Your personal information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. Data should be destroyed or rendered anonymous at the point at which it no longer serves a relevant purpose.

4. ACCURATE AND KEPT UP TO DATE WITH EVERY EFFORT TO ERASE OR RECTIFY WITHOUT DELAY: Your personal information is kept accurate and, where necessary, kept up to date. No data should be held unless it is reasonable to assume that it is accurate. Data should be erased or corrected as soon as it has been identified to be inaccurate.

5. NOT KEPT LONGER THAN NECESSARY FOR THE PURPOSE OF PROCESSING: Your personal information is kept no longer than is necessary for the purposes for which the personal information is processed. Barents Re will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.

6. PROCESSED IN LINE WITH DATA SUBJECTS’ RIGHTS: Your personal information is processed in accordance with your rights. Barents Re will process all personal data in line with the data subjects’ rights, set per GDPR, in particular:

a. Right to be informed;
b. Right of access;
c. Right to rectification;
d. Right to erasure;
e. Right to restrict processing of their data for direct marketing purposes;
f. Right to data portability;
g. Right to object;
h. Rights in relation to automated decision making and profiling;
i. Right to withdraw consent; and
j. Right to lodge a complaint.

Please refer to the “Your Rights” section for a detailed explanation of each right and Barents Re’s duties as Data Controller.

7. PROCESSED IN A MANNER THAT ENSURES THE APPROPRIATE SECURITY AND CONFIDENTIALITY: We will take appropriate steps to keep your personal information secure.

8. NOT TRANSFERRED TO PEOPLE OR ORGANISATIONS SITUATED IN COUNTRIES WITHOUT ADEQUATE PROTECTION: Barents Re does not sell your personal information and we also do not permit the selling of customer data by any companies who provide a service to us. We will only transfer your personal information to another country or an international organisation outside the European Economic Area where we have taken the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect it to adequate standards.

3. HOW DO WE USE YOUR DATA?

The personal information that we collect will depend on our relationship with you. The different processing activities are detailed in the chapters below. Please note, in certain circumstances we may request and/or receive “sensitive” personal information about you.

Personal information is defined in the GDPR as any information relating to an identified or identifiable natural person. It can include obvious data like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Sensitive personal information or special category data includes data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.

3.1 When you submit a contact request via the barentsre.com website

When you submit a contact request via the group’s website, this request may be forwarded to us. In the contact form, we ask for your name, first name, email address and phone number.

We use this information to respond to your request for information, including providing you with all requested information about our products and services. We can also contact you several times after your contact request to follow up on your enquiries. We will do so based on our legitimate interest in providing accurate information before and after a sale or request for information or contact.

We keep e-mails requesting information for a period of two years, after which these emails are permanently deleted.

3.2 When you are applying for a job at our company

We collect personal information about candidates through the application and recruitment process, either directly from candidates or sometimes from third parties (including recruitment agencies and social media profiles). Recruitment agencies which collect and use your personal information, including for the purpose of introducing you as a candidate to Barents Re, act as the controller of your personal information for that purpose and so are subject to a separate Privacy Notice provided by the agencies to you.

We use this information in our legitimate interest to select the right candidate for the open job position.

Should you be successful in your application, we will only transfer personal information to your employment record if it is relevant to your ongoing working relationship with Barents Re.

Should you be unsuccessful in your application, we will securely destroy your application details no later than 6 months after the open position has been filled, but will keep on file your name, any additional identifiers required to distinguish candidates of the same name and the position for which you applied, for future recruitment purposes.

3.3 When you are a contact person at a supplier or vendor

If you are our contact person at a supplier or vendor to Barents Re, we will collect, use and store limited amounts of personal information relating to you, including your name, job title, qualifications, employer or parent organisation and contact details.

We will use this data for the management of our contractual relationship and maintaining records of goods, services or advice we have received, and commissioning further services or procuring further goods.

The personal information we hold about suppliers and professional advisers will be shared with:

  • professional advisors, such as accountants, lawyers or other consultants;
  • other companies in the Barents Re Group;
  • Barents Re’s auditors; and
  • applicable regulators and other governmental agencies anywhere in the world.

Our legal basis for collecting, using and storing personal information that you provide to us is that such processing is necessary for our legitimate interests in operating our business.

3.4 When we are in contact for business purposes

If you are a legal representative, an ultimate beneficial owner (UBO) or a member of the board of directors of a party who has a policy with us under which it is insured, we collect your identification data, financial data, academic curriculum, legal data related to suspicions and legal data regarding judicial actions. Please be aware that this is not an exhaustive list. We receive this information either directly from you or indirectly from the cedants or brokers where the party has a policy. We collect this information to fulfil our legal obligations concerning AML and KYC regulations.

We store this data for the duration of the contract and 10 years beyond.

If you are a life insurance policy holder of a party who has a policy with us under which it is insured, we may collect your identification data, insurance amount, occupation and medical reports (such as blood and urine tests, ECG, and others). We collect this data from the party with which you have an insurance policy.

We use this data to determine the conditions of the policy with your life insurance policy holder.

Our legal basis for collecting, using, and storing this data is that such processing is necessary for our legitimate interests in operating our business.

Your data will be deleted no later than one year after the end of the contract.

In some cases, we may share your information with third parties specialized in the analyses of medical risks.

4. YOUR RIGHTS

4.1 RIGHT TO BE INFORMED

You have the right to be informed about the collection and use of your personal data. Accordingly, at the time of collection of your personal data you shall be provided with the following information: (i) the purposes for processing your personal data, (ii) the retention periods for that personal data, and (iii) who it will be shared with.

4.2 RIGHT OF ACCESS

You are entitled to access your personal data and supplementary information to be aware of and verify the lawfulness of the processing.

Please be aware that we must verify the identity of the person making the request. If you make a formal request, your personal information will be provided to you in writing. If your request is made electronically, we will provide the information in a commonly used electronic format. If the request is made through a phone call, we will check the caller’s identity to make sure that information is only given to a person who is entitled to it, and we will suggest that the caller put the request in writing.

The right to obtain a copy of information or to access personal data should not adversely affect the rights and freedoms of others.

There will not usually be a charge for dealing with these requests.

4.3 RIGHT TO RECTIFICATION

We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if this is not the case, you can ask us to update or amend it by emailing us at [email protected] and providing the details shown in your policy and any other relevant documentation.

4.4 RIGHT TO ERASURE

In certain circumstances (e.g., where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent) you have the right to ask us to erase your personal information. However, this will need to be balanced against other existing obligations we may have, for example, duty to comply with a legal obligation, or for the establishment, exercise or defence of legal claims.

4.5 RIGHT TO RESTRICT PROCESSING OF THEIR DATA FOR DIRECT MARKETING PURPOSES

In certain circumstances, you can limit the way we use your data. This is an alternative to requesting the erasure of your data. Where you have a particular reason for wanting the restriction (for example, where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information), you are entitled to ask us to stop using your personal information.

4.6 RIGHT TO DATA PORTABILITY

In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice if this is technically feasible. Once transferred, the other party will be responsible for looking after your personal information.

There will not usually be a charge for dealing with these requests.

4.7 RIGHT TO OBJECT

You have the right to object to us processing your information where we are processing data in connection with our business. In such cases, we will stop processing unless we can demonstrate compelling legitimate grounds for continuing the processing which override your interests.

If you have concerns about how we are using your information and believe that this should stop, you can email us at [email protected]

4.8 RIGHTS IN RELATION TO AUTOMATED DECISION MAKING AND PROFILING

Some of our decisions are made automatically by inputting your personal information into a system or computer and the decision is taken using automatic processes rather than our employees making those decisions. We may use automatic processes, for example, to verify your identity or to decide your premium.

You have a right not to be subject to automated decision-making, including profiling, and can object to such automated decision-making, including profiling, by emailing us at [email protected]

Notwithstanding the above, please bear in mind that in some circumstances, if you opt out of the automated decision-making, we may not be able to offer you a quote or policy as some automated decisions are necessary to provide your policy(ies).

4.9 THE RIGHT TO WITHDRAW CONSENT

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information, subject to the data concerned not being essential for future processing (please note we may not be able to process your policy(ies) if you withdraw your consent). In these circumstances, the Subject Access and Consent Withdrawal Procedure must be followed.

4.10 THE RIGHT TO LODGE A COMPLAINT

You have a right to complain to the relevant data protection agency in our main countries of operation (Commission Nationale pour la Protection des Données – Luxembourg, Information Commissioner’s Office – United Kingdom) or any other relevant data protection agency which may be, from time to time, entitled to resolve such complaint, if you object to the way in which we use your personal information.

5. INFORMATION SHARING

We might share your personal information with:

  • Barents Re Group affiliate and associate companies: for our general business administration, efficiency, and accuracy purposes or for the prevention and detection of fraud.
  • Third parties (outside our Group): limited to sharing of the information necessary for the proper execution of our business. For example: brokers, insurers, other reinsurers, other companies who act as insurance distributors, loss adjusters or other third parties who assist in the administration of insurance policies.

This might include disclosure of your personal information to a third party, which will only be made where the third party has agreed to keep your information strictly confidential and to use it only for the specific purpose for which we provide it to them.

We may also disclose your personal information to other third parties where:

  • we are required or permitted to do so by law or by regulatory bodies or as per any court request; or
  • we understand that such disclosure is required in the overriding public interest.

Any sharing will be kept strictly confidential and will only be used for the reasons described above.

6. INTERNATIONAL TRANSFERS

In some circumstances, we are required to transfer your personal information from within the UK or the European Economic Area (EEA) to non-European Economic Area or non-UK countries (referred to in the GDPR as ‘third countries’) where this is necessary for the performance of your contract. Where we transfer your personal information outside of the EEA we will implement the required measures to ensure that your personal information is protected. Such measures may include entering into Standard Contractual Clauses with the party to which we are transferring personal information.

For your protection and the protection of your personal data, such data transfers are subject to appropriate safeguards pursuant to and in accordance with the statutory requirements (especially application of EU Standard Contractual Clauses), or the EU Commission has issued an adequacy decision (Art. 45 GDPR).

For information on EU Standard Contractual Clauses, refer to:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF

The EU Commission makes the information on its adequacy decisions available under https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu

Moreover, we are under the statutory obligation to provide personal data to national and international authorities (Art. 6 (1) c GDPR in conjunction with local and international regulations and treaties).

7. CHANGES TO THIS NOTICE

We keep this notice under regular review.

From time to time we may need to make changes to this Privacy Notice as a result, for example, of changes in the data protection regulations. You should check the Barents Re website periodically to view the most up-to-date Privacy Notice.

April 2022