Who we are
We are MSIG Specialty Marine NV, a company incorporated under Belgian law having its registered office in Belgium, 1030 Brussels, Koning Albert-II laan 37, and registered in the Crossroads Bank for Enterprises under number 0670.726.393 (hereinafter “we”). We have branches in the Netherlands, France, the UK and Germany.
We seek to comply with the principle of "data minimisation". This means we work to ensure that we avoid collecting or processing data other than the types and volume of personal data required to achieve the purposes set out in this Privacy Notice. We also use a combination of technical and organisational measures to protect information in line with our obligations under data protection laws. Our staff receives training to help us comply with data protection laws and safeguard your privacy.
How to contact us
We can be contacted via post and email at the below addresses.
Post:
The Data Protection Officer
MSIG Specialty Marine NV
Koning Albert-II laan 37
1030 Brussels
BELGIUM
Email: privacy@msigmarine.com
Our Data Protection Officer will handle any questions you may have on the use of your personal data and your rights.
Your rights
You have the right:
to be informed about the processing of personal data related to you
to obtain a copy of your personal data held by us
to have any incorrect personal data updated
to request the erasure of any of your personal data
to restrict the use of your personal data
to object to the use of your personal data
to request the personal data you provided to us to be moved to another organisation
not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. See below for more information on “Automated decision making and profiling”.
If you wish to exercise any of these rights please contact us stating your request, verifying your identity and providing your contact details. In order for us to respond to your requests effectively and efficiently, contact the Data Protection Officer using the details above.
We aim to respond to all valid requests within one month. It may take us longer if the request is particularly complicated or you have made several requests. We will let you know if we think a response will take longer than one month. We may also ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to do what you have asked. This is because your rights will not always apply, e.g. if it would impact the duty of confidentiality we owe to others, or if the law allows us to deal with the request in a different way. We will always explain to you how we are dealing with your request. In some circumstances (such as the right to erasure or withdrawal of consent), exercising a right might mean that we can no longer provide our products to you.
Complaints about our use of your personal data
We take complaints made to us seriously. We would expect that any complaint can best be dealt with by contacting us in the first instance. However, if you wish to complain about our use of your personal data, and do not wish to contact us first, you also have the right to complain directly to the relevant supervisory authority. The competent supervisory authority depends on your situation. Full details on the supervisory authorities of the following countries can be found on the websites hereunder:
UK
https://ico.org.uk/
France
https://www.cnil.fr/fr
Germany
https://www.bfdi.bund.de/
Belgium
https://www.dataprotectionauthority.be/
Netherlands
https://autoriteitpersoonsgegevens.nl/nl
Singapore
https://www.pdpc.gov.sg/
Updates to this Notice
This Privacy Notice is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it’s as transparent as possible.
Information about you and how we use it
Types of personal data we hold
We capture and process a variety of different types of personal data depending on the nature of the services involved. This may include:
Type of Personal Data
Example
Individual details
Name, address, email address, telephone numbers, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you and other details related to your status as an ultimate beneficial owner
Official identification details
Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, enterprise number, tax identification number and driving licence number
Financial information
Bank account number, income or other financial information
Risk details
Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data related to the crew (including individual details of the crew members) and criminal convictions
Policy information
Information about the quotes you receive and policies you take out
Anti-fraud data
Sanctions, criminal offences and information received from various anti-fraud databases relating to you (including claims history, trustworthiness and morality)
Previous and current claims
Information about previous and current claims, (including other unrelated insurances), which may including data relating to your health, data related to the crew (including individual details of the crew members) and criminal convictions
Sometimes we may need to process special categories of personal data. These are certain types of personal data which require additional privacy protection, such as biometric data and health data. Personal data and special category data may be required to allow us to provide a quote, underwrite your policy or consider your claim. For example, health data are needed to handle injury claims.
We collect data about children in some circumstances, e.g. where a child is a claimant.
Sources of personal data
We may obtain personal data directly from you, including from applications and claims forms that you complete, communications between us, your participation in market research, your use of our website, as well as details from the devices you use to interact with our website, if relevant.
We may also receive your information from our policyholders e.g. when:
you are a joint policyholder, or otherwise a beneficiary under a policy;
you are witness to an incident;
you are claiming against one of our policyholders;
one of our policyholders is claiming against you;
you are providing professional services e.g. as a medical expert.
We may also obtain personal data from third parties, including:
Third parties who provide you with services relating to your product or claim;
Third parties who provide us, or a third party insurer relevant to your product or claim, with services, e.g. loss adjusters, claims handlers, legal advisers, banks and private investigators;
Third parties involved in your product or claim, e.g. other insurers, brokers, claimants, defendants and witnesses to an incident;
Healthcare providers;
Financial crime, fraud or uninsured detection agencies, databases and sanctions lists, including the Claims and Underwriting Exchange (CUE), No Claims Discount Database and Insurance Fraud Bureau (IFB);
Government agencies and regulatory bodies including the police, the courts, the Crossroads Bank for Enterprises (CBE), the Financial Services and Markets Authority (FSMA), the KBIS register, the ORIAS register, ), Companies House and HM Revenue & Customs (HMRC);
Third parties who provide us with details of individuals who have expressed an interest in hearing about insurance products;
Third parties who provide services in relation to your policy or claim, including checking no claims discounts;
Third parties who help us maintain the accuracy of our data, e.g. by identifying individuals who are deceased, updating contact details for individuals who have moved;
Publicly available sources including the Office for National Statistics (e.g. census data) and other data made available under the Open Government Licence, internet searches, news articles, online marketplaces and social media sites, apps and networks (e.g. Twitter, Facebook and Instagram); and
Providers of marketing and advertising services.
Why we use your personal data
We collect your personal data to help us with advising on, arranging, underwriting or administering an insurance contract or administering a claim under an insurance contract. Specifically:
1. Advising on, arranging and underwriting your policy, including:
Understanding your insurance requirements to offer you a product that matches your needs and circumstances
Gaining a reasonable understanding of the nature of the risk to be covered by the policy
Providing competitive and appropriate pricing
Contacting you to renew your policy for another year
Processing payments and refunds
2. Administering your policy, including:
Managing any changes to your policy
Providing and improving client services as appropriate, including by recording and monitoring telephone calls
Maintaining contact with you and relevant third parties, for issues relating to your policy and general customer contact
3. Administering your claims, including:
Registering your claims
Assessing your claims, including any liaison with third parties potentially involved in your claims, e.g. communications regarding car repairs or health information
Running due diligence checks e.g. money laundering, claims history, trustworthiness and morality
The investigation of fraudulent claims
The defence of or prosecution of valid and legal claims
4. Compliance with legal requirements
We must comply with legal requirements, which include the following:
legal obligations to prepare contract documents and to keep them on record throughout certain statutory retention periods.
legal obligations to deploy all possible means to prevent and uncover instances of money laundering and report them to the authorities. We must therefore take the necessary steps for this.
legal obligations to screen customers and other parties (e.g. persons to whom payments are made) against sanctions lists in the context of the part they play in fighting terrorism and their obligations under sanctions rules.
we can use personal data for the purposes of checks, investigations and opinions in areas subject to compliance considerations (such as prevention of money laundering and fraud, investor and consumer protection and data protection).
legal obligations to be able to respond correctly when you exercise your rights under the data protection legislation. We are also required to answer questions from the Data Protection Authority, for example, in the event of complaints.
legal obligations to submit reports to and be able to answer questions from the regulators of financial institutions, such as the Belgian Financial Services and Markets Authority (FSMA).
legal obligations to respond to enquiries put to them by the courts administration (covering law enforcement right from the police, the office of the public prosecutor, investigating judges and trial courts). These concern questions in the context of police legislation and (criminal) judicial procedure (including the Criminal Procedure Code).
in order to comply with the European Directive on the protection of whistle-blowers, we may process personal data taking into account the obligations regards whistle-blowers’ confidentiality and anonymity during and after the investigation, and reports the result internally and to the relevant authorities.
5. Marketing
We may use personal data to send direct marketing communications about our products and services that we feel you’ll be interested in. This may include communications about promotions, trainings, seminars and activities.
Marketing communications may be sent by email, post and push notification. You may also see display advertising on websites, mobile applications, social media or in online search results. You have control over our use of your personal data in relation to marketing communications. You can:
'Opt out' of receiving direct marketing.
Change your marketing preferences at any time by emailing the Data Protection Officer at privacy@msigmarine.com.
6. Allowing us to operate effectively as a company
In addition to the purposes set out above, we have certain ulterior legitimate interests on the basis of which we process personal data. In that regard, we ensure that the impact on your privacy is kept to a minimum and that, in all events, our legitimate interests remain proportionate to the impact that upholding them has on your privacy. However, if you object to this data being processed, you can exercise your right to object. We will respect your objections, unless we have compelling reasons for not doing so. There are various situations in which we process personal data, including the following:
we use your personal data for the administration, (risk) management and oversight of our organisation, such as the legal department (including dispute management and legal risks), risk management (such as insurance risk calculations vis-à-vis customers and groups of customers worldwide), risk functions (e.g., compliance, for all duties not strictly required by law but that are in fact necessary or useful) and inspections and internal and external audit. We retain personal data for possible future evidential use. Storage may be entrusted to outside third parties.
we use your personal data to manage complaints, including to allow us to respond to any live complaints, or challenges you or others might raise later, for internal training and monitoring purposes and to help us to improve our complaints handling processes. We may be obliged to forward details about your complaints, including your personal data, to the appropriate authorities, e.g. the relevant ombudsman.
we use your personal data to conduct analyses (e.g. of our customers and the products they select) and generate statistics for various purposes such as more effective internal control, fraud analysis and combating fraud, risk analysis, security and other non-commercial purposes.
we use your personal data for internal and regulatory reporting, for risk management, for the organisation of internal controls, and to defend rights and communicate as a company.
we may also process your personal data within the scope of the decision to terminate a customer relationship if there is a serious breach of trust, for example, in the case of identified actions that are inconsistent with fraud-related regulations or ethical principles.
we may use your personal data for the testing of our systems and processes where imitation data is unavailable. Testing which uses personal data will only by carried out in limited circumstances and only when appropriate safeguards and controls have been put in place
we may utilise personal data to support and simplify the processes of customers beginning to use, using and ceasing to use products and services, including avoiding resubmitting information you’ve already submitted.
we may also utilise personal data for determining, exercising, defending and preserving our rights or the rights of persons we might represent (e.g., in disputes).
we can use your personal data to create synergy, increase efficiency and produce other benefits for our organisation and processes.
Our legal bases for processing your personal data
We are committed to collecting and using personal data in accordance with applicable data protection laws. In certain countries, by law, we must have a legal justification, known as a lawful basis, in order to use your personal data for the purposes described in this Privacy Notice. Depending upon the purpose, our lawful basis will be one of the following:
Performance of a contract - to arrange, underwrite or manage our products, or handle claims in accordance with their terms;
Compliance with a legal obligation - to meet responsibilities we have to our regulators, tax officials, law enforcement, or other legal responsibilities;
Legitimate interests - to operate and improve our products and services and keep people informed about our products and services or for any other purposes we identify as appropriate to our business needs, or those business needs of a third party;
Consent - where we have obtained appropriate consents to collect or use your Personal Information for a particular purpose.
Where we rely on legitimate interest as our lawful basis, we are required to carry out a balancing test to ensure that our interests, or those of a third party, do not override the rights and freedoms that you have as an individual. The outcome of this balancing test will determine whether we can use your personal data for the purposes described in this Privacy Notice.
Our legal bases for the use of Personal Information, where required:
Purpose
Lawful basis for processing personal data
Communicating with you and others including complaints handling
Performance of a contract
Compliance with a legal obligation
Legitimate interests
Evaluating your application or renewal or to provide a quote
Performance of a contract
Legitimate interests
Provision of our services and administration of a policy including taking payment
Performance of a contract
Compliance with a legal obligation
Legitimate interests
Managing third party relationships
Performance of a contract
Legitimate interests
Management of claims
Performance of a contract
Compliance with a legal obligation
Legitimate interests
Financial or other crime, fraud checks
Performance of a contract
Compliance with a legal obligation
Legitimate interests
Improving quality, training and security
Legitimate interests
Managing our business operations e.g. accounts, financial analysis, IT applications and systems decommissioning, internal audit
Compliance with a legal obligation
Legitimate interests
Marketing preferences
Legitimate interests
Consent
Where we collect and use special categories of personal data we may be required to have an additional, specific lawful basis to process such information. We usually rely upon one of the following legal bases:
Reasons of substantial public interest:
insurance purposes – including advising on, arranging, underwriting and administering contracts of insurance, administering claims under a contract of insurance and exercising rights, or complying with obligations that arise in connection with contracts of insurance;
complying, or helping someone else comply with, a regulatory requirement relating to unlawful acts and dishonesty - including regulatory requirements to carry out money laundering checks;
preventing or detecting unlawful acts – including disclosures to competent authorities;
preventing fraud – including investigating alleged fraud;
safeguarding the economic well-being of certain individuals – including where we identify additional support required by our customers;
equality of opportunity or treatment – including where we need to keep under review the equality of treatment of customers with additional support needs.
Necessary to establish, exercise or defend a legal claim – including where we are faced with legal proceedings, we bring legal proceedings ourselves or where we are investigating legal proceedings that a third party has brought against you;
Information has been clearly or obviously made public by you.
Where we cannot rely on one of the above lawful bases to process your special categories of personal data for a particular purpose, we will seek your explicit consent.
Who we share personal data with
To allow us to meet our obligations and effectively provide our services to you, it may be necessary to share your personal data with other companies within the MS Amlin group as well as external parties. These external parties may include:
Anti-fraud databases
Claims handlers
Lawyers and Solicitors
Industry bodies
Loss adjusters
External parties involved in the claim
Private investigators
The police and law enforcement
The statutory auditor
External parties involved in the investigation, defence or prosecution of claims
Other insurers (under court order or to prevent and detect fraud)
Regulatory Authorities, e.g.the Financial Conduct Authority, the Information Commissioner’s Office, the Data Protection Authority and other regulators as required by law
Our suppliers and sub-contractors for the performance of any contract we have with them
Reinsurers
Your data will be shared securely, and only when absolutely necessary. It will never be sold on to external parties or organisations for marketing purposes.
If you give us false or inaccurate information and we suspect fraud, we will record this to prevent further fraud and money laundering. This may be shared between insurers and with fraud prevention agencies and databases.
Ongoing storage and use of your personal data
We will not keep personal data for longer than necessary for the purpose for which it is processed. It will be retained in accordance with our Data Retention Policy. Laws or regulations may require us to keep records for specific periods of time. We may also need to keep records in order to administer the insurance relationship, to fulfil our contractual or statutory obligations or to resolve queries or disputes which may arise.
We will store your personal data based upon the following criteria:
Whether the personal data is actively required for the purposes stated in this Data Privacy Notice
Whether there is a legal or regulatory reason to continue to retain the personal data
International data transfers
In principle we do not transfer or share your data outside the European Economic Area, the United Kingdom or Switzerland. When personal data are transferred outside the EU, we only transfer your personal information to countries that are considered by those laws to provide an adequate level of protection or otherwise where we have established or confirmed that all data recipients will provide an adequate level of data protection, in particular by way of entering into appropriate data transfer agreements based on Standard Contractual Clauses (e.g., Commission Implementing Decision (EU) 2021/914) and other suitable measures, which are accessible from us upon request.
Automated decision making and profiling
In some cases we use an automated decision making process to generate a quote to provide you with an insurance service; this process will use the information which you have provided to us, other records we hold about you in our systems and data sourced from third parties to make predictions, including the likelihood that a claim will be made and its value, the likelihood a product will be purchased and the likelihood that a claim might be fraudulent, to make an overall assessment of your application. This assessment will consider the level of risk involved and if applicable, generate a quote for the insurance service. We also make automated decisions throughout the life of your policy, e.g. before offering you a renewal or when dealing with a claim.
We use profiling and data analysis to build, train, market and audit our services.
The automated decision making and profiling process is regularly tested to ensure it remains fair, effective and unbiased. If you object to the use of automated decision making or require information about the logic involved in relation to the decision, to challenge it or would like to exercise the right to human intervention, please call us on the telephone number displayed on the quote generation page or contact our Data Protection Officer at privacy@msamlin.com
Last updated: December 2023
