Inigo Data Privacy Notice.

Navigating this notice.

The following index covers the contents of this notice, following the links below will take you to that section of the notice: 

  1. Overview, Scope and Data Protection Officer (DPO) contact information 
  2. Data Protection Principles
  3. Types of personal data we process and hold
  4. Why we use your personal data
  5. Processing of Special Category of Data
  6. Where we might collect your personal data from
  7. Who we share personal data with
  8. International data transfers
  9. Ongoing storage and use of your personal data
  10. Information Security
  11. Your data subject rights
  12. Right to withdraw consent
  13. Complaints
  14. Insurance Industry and Data Processing
  15. Use of Cookies
  16. Web analytics
  17. Search engine
  18. Changes to this Privacy Notice Privacy Notice
  1. Overview, Scope, and Data Protection Officer (DPO) contact informationinciples

Inigo Limited and its subsidiaries (hereafter referred to as “Inigo”) values its customers and is committed to protecting and respecting your privacy, and the lawful and correct treatment of personal data. This Data Privacy Notice informs and explains how Inigo will process and protect any personal data we collect or receive about you. Please read this Data Privacy Notice carefully to understand our practices regarding personal data.

The scope of this notice applies to personal data provided by data subjects of the following categories: 

  • Inigo’s customers; policyholders and claimants.
  • third parties that Inigo works with including brokers, Coverholders and Managing General Agents (MGAs), third party services providers (TPAs) and Delegated Claims Administrators (DCAs); and
  • Others including third party claimants, complainants, job applicants and visitors to our offices or website. 

Inigo has a separate notice applicable to its employees and contractors which is shared with them upon joining Inigo. 

Your personal data has either been, or will be collected by, or transferred to, Inigo. We can be contacted via post or by email at the below addresses. We aim to respond to all correspondence within thirty (30) days.

The Data Protection Officer
Inigo Limited
7th Floor, 1 Creechurch Place

Email: [email protected]

The Inigo Data Protection Officer will handle any questions you may have on the use of your personal data and your rights as a data subject. This is covered in further detail under the “Your Data Subject Rights” section of this notice.

  1. Data Protection Principles

In relation to your personal data, we will: 

  • process it fairly, lawfully and in a clear, transparent way.
  • collect your data only for reasons that we find proper for the course of your employment in ways that have been explained to you.
  • only use it in the way that we have told you about.
  • ensure it is correct and up to date.
  • keep your data for only as long as we need it; and
  • process it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed.
  1. Types of personal data we process and hold.

We capture and process several types of data, including personal data, depending on the nature of the services involved. This includes, but is not limited to, the following types of data:

Types of Personal DataExample
Individual DetailsName, address, other contact details (e.g., email and telephone numbers), gender, marital status, date and place of birth, nationality, health, national unique identifier e.g., national insurance number, social security or Public Service number, passport number, driving licence number, employer, job title and employment history, and family details, including their relationship to you.
Financial and Credit InformationBank account or payment card details, income or other financial information, credit history, and credit score.
Risk DetailsInformation about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include criminal convictions and offences, data relating to your health, or that of the people to be covered, or other special categories of personal data.
Policy InformationInformation about the quotes you receive and policies you take out.
Anti-Fraud DataSanctions and criminal convictions and offences, and information received from various anti-fraud databases relating to you or those seeking cover.
Previous and Current ClaimsInformation about previous and current claims, (including other unrelated insurances), which may include data relating to criminal convictions and offences, your health, or other special categories of personal data and in some cases surveillance reports.

Sometimes we may need to process special categories of personal data. These are certain types of personal data which require additional privacy protection. The special categories are:

  • Racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Genetic or biometric data.
  • Health data; and
  • Sex life or sexual orientation.

Criminal convictions and offences data also requires additional privacy protection.

Personal data including special category and criminal convictions and offences data may be required to allow us to provide a quote, underwrite your policy, consider your claim, or provide other insurance services.

  1. Why we use your personal data.

To fulfil our contract with you and to comply with legal and regulatory obligations.

We collect your personal data to help us with advising on, arranging, underwriting or administering an insurance contract or administering a claim under an insurance contract. Specifically:

a. Advising on, arranging and underwriting your policy, including:

  • Engaging with you when you or someone acting on your behalf asks us for a quote and are considering entering into a contract.
  • Understanding your insurance requirements to offer you a product that matches your 
needs and circumstances.
  • Gaining an understanding of the nature of the risk to be covered by the policy including. 
risk modelling and statistical use.
  • To allow us to perform the essential practice and process of underwriting.
  • Providing competitive and appropriate pricing.
  • Performing credit or money laundering checks or other checks required by law; and
  • Fraud prevention.

b. Administering your policy, including:

  • Managing any changes to your policy.
  • Providing and improving services under and associated with the insurance contract as appropriate; and
  • Maintaining contact with you, for issues relating to your policy and general customer contact.

c. Administering your claims, including:

  • Registering your claims.
  • Assessing your claims, including any liaison with third parties potentially involved in your claims, e.g., communications regarding health information.
  • Running due diligence checks e.g. credit or money laundering.
  • The investigation of fraudulent claims; and
  • The defence of or prosecution of valid and legal claims.

d. Recruitment of new employees:

  • Processing an employment application.
  • Assessing your suitability for employment.
  • For assessments, tests, or occupational profiles; and
  • Providing or requesting employment references.

e. To comply with other legal or regulatory obligations, including:

  • due diligence and reporting obligations; and
  • responding to binding requests from regulators, law enforcement authorities or other government authorities.

To pursue our legitimate interests

We may process personal data to pursue our legitimate interests in providing insurance services, improving our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records. Specific legitimate interests include:

  • The testing of our systems and processes where imitation data is unavailable. Testing which uses personal data will only by carried out in limited circumstances and only when appropriate safeguards and controls have been put in place (e.g., limiting the use of real personal data, anonymisation, prompt deletion after testing is complete etc.).
  • Analysing our clients and the products they select.
  • For reinsurance purposes.
  • To audit our business; and
  • Transferring books of business, company sales and reorganisations.

With your consent

We may process personal data for marketing purposes where you have consented and expressed a preference to receive such marketing communications. We keep a record of your consent in line with our record retention policies. 

  1. Processing of Special Category of Data

We will only process special category data when we have a lawful basis for doing so and in line with legal or regulatory requirements that we are required to meet. This includes instances where:  

  • This data is processed in relation to fitness and probity checks to meet our obligations under the Senior Managers and Certification Regime. 
  • It is in the substantial public interest and it’s necessary for an insurance purpose (e.g., assessing your insurance application and managing claims) or to prevent and detect an unlawful act (e.g., fraud).
  • To establish, exercise or defend legal claims (e.g., when legal proceedings are being brought or threatened against us or we want to bring a legal claim ourselves); and
  • Where we have asked for your explicit consent.

Inigo maintains Appropriate Policy Document (APD) to be in place when processing special category (SC) and criminal offence (CO) data under certain specified conditions, which is included as an appendix to Inigo’s Data Protection Policy. 

  1. Where we might collect your personal data from

We collect your personal data from various sources including:

  • You.
  • Your family members, employer or representative.
  • Other insurance market participants such as: authorised agents, brokers, TSPs, reinsurers, other insurers, legal advisers, loss adjusters and claims handlers.
  • Credit reference agencies.
  • Anti-fraud databases, sanctions list, court judgements and other databases.
  • Government agencies; and
  • In the event of a claim, third parties including any other party to the claim (such as a claimant/defendant), witnesses, experts (including medical experts), loss adjustors, legal professionals, and third-party claims handlers.

Which of the above sources apply will depend on your particular circumstances.

  1. Who we share personal data with

To allow us to meet our obligations and effectively provide our services to you, it may be necessary to pass your personal data onto external parties. These external parties may include:

  • Reinsurers and/or Reinsurance Brokers
  • Consortium Partners or other insurers who are subscription market participants.
  • Credit reference agencies.
  • Anti-fraud databases.
  • Claims handlers.
  • Legal professionals.
  • Loss adjustors.
  • External parties involved in the claim.
  • Private investigators.
  • The police and law enforcement.
  • External parties involved in the investigation, defence or prosecution of claims.
  • Other insurers (under court order or to prevent and detect fraud).
  • Regulators and Supervisory Authorities; and
  • Our third-party suppliers and sub-contractors for the performance of any contract we have with them.
  1. International data transfers

As Inigo is a global insurer, we may transfer or share your data outside the UK or European Economic Area (“EEA”) for our operational procedures, including countries that may not offer an equivalent level of protection to that applicable within the UK or EEA. It may also be processed by staff operating outside the EEA who are working for us or one of our suppliers. We will always take steps to ensure your data is treated and transferred securely with appropriate safeguards and controls in place. We will exercise due diligence in selecting the recipients outside the UK or EEA and will require, through appropriate contractual measures (e.g., data transfer contracts based on standard European Commission clauses together with appropriate supplementary measures), that they comply with adequate organisational and technical security measures to protect personal data and process them only in accordance with our instructions and not for other purposes.

  1. Ongoing storage and use of your personal data

We will not keep personal data for longer than necessary for the purpose for which it is processed. It will be retained in accordance with our Record Retention Policy. Applicable laws and regulations may require us to keep records for specific periods of time, subject to certain exceptions. We may also need to keep records in order to administer the insurance relationship, to fulfil our contractual or statutory obligations or to resolve queries or disputes which may arise.

  1.  Information Security

We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

  1.  Your data subject rights.

You have the right to:

  • Obtain a copy of your personal data held by Inigo.
  • Have any incorrect personal data corrected.
  • Request the erasure of any of your personal data.
  • Restrict or object to the use of your personal data, including profiling and automated individual decision-making.
  • Request the personal data you provided to Inigo to be moved to another organisation.
  • Object to direct marketing.
  • Withdraw consent for us to process your personal information (see below for further details); and
  • Lodge a complaint with the ICO (see below for further details).

There is no charge for you exercising your right to access your personal data and the other rights listed above. However, we may charge a reasonable fee in certain circumstances. If you wish to exercise any of these rights, please write to us using the contact details stated in section 1, stating your request and contact details.

If you contact us regarding the exercise of these rights, we will seek to action your wishes. There may be, in some cases (particularly where the request relates to the restriction of use of personal data, the objecting to the use of personal data or the erasure of the data) reasons why we are not able to fully comply with your request, particularly where we are required to keep and use that data to comply with contractual, legal or regulatory requirements.

  1.  Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent please write to us using the contact details stated in section 1, stating your request and contact details.

Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another lawful basis for doing so. We will write to you to explain any circumstances where we may continue to process your data using another lawful basis. 

  1.  Complaints concerning your data.

Inigo is committed to providing high quality products and services, which extends to the processing of your data. If you feel that we have not met your expectations in that regard, we’d like to know so we can put things right for you. You can submit a complaint, please write to us using the contact details stated in section 1, stating your request and contact details.

We would expect that any complaint can best be dealt with by contacting us in the first instance, and we will take complaints made to us seriously. However, if you wish to complain about our use of your personal data, and do not wish to contact us first, you also have the right to complain directly to the supervisory authority. Full details on this can be found on the following website:

  1.  Insurance Industry and Data Processing

Further details of how the insurance industry uses and processes data can be found on the Lloyds website via the core uses information notice. Please note that this is a third-party website and Inigo is not responsible for the content.

  1.  Use of Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

We use cookies on our websites so that we can track how users navigate through our sites, and in order to enable us to evaluate and improve our sites. We use this information to compile statistical data on the use of our websites, but the information obtained is used on an anonymous, aggregated basis and you cannot be identified from this. Cookies cannot look into your computer and obtain information about you or your family or read any material kept on your hard drive and cookies cannot be used to identify who you are.

You are not obliged to accept a cookie that we send to you, and you can in fact modify your browser so that it will not accept cookies. However, if you select this setting, you may be unable to access certain parts of our site. For more information about cookies including how to set your internet browser to reject cookies please follow the instructions below:

  • Internet Explorer: Tools button > Internet options > Privacy > Settings > Advanced.
  • Mozilla Firefox: Menu button > Options > Privacy & Security > History > Use custom settings for history.
  • Google Chrome: More button > Settings > Advanced > Privacy and security > Content settings > Cookies.
  • Apple Safari: Preferences > Privacy.
  1.  Web analytics

In order to develop our site in line with our customers’ needs, Inigo keeps a track on which pages on our website are visited most frequently and how long visitors spend on our site. We use this information to help improve the site.

We never gather other information from your disk or computer. We collect a copy of the data held by the cookie for inclusion in any analysis. We use full SSL protocols when collecting visitor information on secure pages; this ensures that the site’s security is not compromised. We encrypt all transmitted visitor information (even from non-secure pages), so no-one else can read the information we gather. 

We use Google Analytics, a web analytics service provided by Google, Inc. and WebTrends to analyse website traffic. Google Analytics and WebTrends set a cookie in order to evaluate your use of this site. Google and WebTrends store the information collected by the cookie on servers in the United States, European Union Member States and other countries. Google and WebTrends may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s and WebTrends’ behalf. 

Google and WebTrends will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google and WebTrends will not associate your IP address with any other data held by Google or WebTrends. Inigo use Google Analytics and WebTrends to optimise this site and improve the service we provide to our visitors. More information about how to reject or delete this cookie may be found here:

  1.  Search engine

The search engine on our website is designed to be powerful and easy to use. The search is made possible by a piece of hardware (a search ‘appliance’) that is plugged into our server and continuously indexes the content on our site. All search requests are handled by the appliance and the information is not passed on to any third party.

  1.  Changes to this Privacy Notice

If we change our privacy notice in any way, we will post these changes on this page. You are responsible for checking this privacy notice whenever you access this Site.

  1. Definitions

The following terms are used within this document and are defined here:

  • Children

When we refer to a child, we mean anyone under the age of 18. This is in accordance with the UN Convention on the Rights of the Child which defines a child as everyone under 18 unless, “under the law applicable to the child, majority is attained earlier” (Office of the High Commissioner for Human Rights,1989). The UK has ratified this convention.

  • Consent

Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  • Data Controller

A data controller is an organisation that has full authority to decide how and why personal data is to be processed, and that has the overall responsibility for the data. This includes deciding on use, storage, and deletion of the data.

  • Data Processor

A Data Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller. They act under the authority of a Data Controller and serve the Data Controller’s interests rather than their own. Data Subject. 

  • Data Protection Impact Assessments (“DPIAs”)

A DPIA is a process to help identify and minimise the data protection risks of a process / project.  It is required for processing that is likely to result in a high risk to individuals. It should describe the nature, scope, context, and purposes of the processing; assess necessity, proportionality, and compliance measures; identify and assess risks to individuals and identify any additional measures to mitigate those risks.

  • Data Subject

A Data Subject is a living individual who is the subject of personal data.

  • Personal Data

Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

  • Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

  • Profiling

Profiling means any form of automated processing of personal data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement.

  • Special Categories of Data

Special category data is personal data which the data protection law says is more sensitive, and so needs more protection. For example, information about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life, or sexual orientation.  Nationality is also included under US requirements, and therefore is categorised as Sensitive Information for all Inigo regions for consistency.

  • Third Party

Third Party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data.