This notice explains how your data will be collected and dealt with, and your rights concerning that data. In this notice, ‘we’, ‘us’ or ‘our’ refers to HDI Global Specialty SE and its agents, co-insurers and reinsurers. ‘You’ or ‘your’ refers to the individual whose personal data we are processing.


1. Responsible data controller

      HDI Global Specialty SE
      Roderbruchstraße 26
      30655 Hannover
      Germany
      Tel. +49 511 5604-2909

HDI Global Specialty SE is a Data Controller as defined under the EU General Data Protection Regulation (‘GDPR’).

You can reach our Data Protection Officer by post at the aforementioned address (please include the additional address line "Data Protection Officer") or by e-mail via our data privacy group mailbox:
E-mail: privacy-hgs@hdi-specialty.com


2. Personal data we may collect about you

  • Individual details such as name, address, proof of address, contact details (including emails and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title, employment history and family details (including their relationship to you)
  • Identification numbers issued by government bodies, agencies or similar such as national insurance, passport, tax identification or driving licence numbers
  • Financial information such as bank account or payment card details, income or transaction histories
  • Insurance policy information including information about quotes you receive and policies you take out
  • Credit and anti-fraud data including credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you
  • Information about previous and current claims (including in connection with other related or unrelated insurance) which may include data about your health, criminal convictions, or special categories of personal data and, in some cases, surveillance reports
  • Technical information including your computer’s IP address
  • Special categories of personal data which have additional protection under the GDPR, namely health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation

3. Where we may collect your personal data from

We may collect your personal data from various sources:

  • You (including, from time to time, recordings of your telephone calls with us)
  • Your family members, employer or agent/representative (including your broker)
  • Our agents, other insurers, insurance brokers, or reinsurers
  • Credit reference agencies
  • Websites or software applications for use on computers or mobile devices and/or social media content, tools and applications
  • Anti-fraud databases, sanctions lists, court judgments and other databases
  • Government agencies
  • Any open electoral register; or
  • In the event of a claim, third parties including the other party or parties to the claim, witnesses, experts, loss adjusters, solicitors, claims handlers, translators, surveillance agents, engineers and others

4. Identities of Data Controllers and Data Protection Contacts

The operation of the insurance market means that personal data may be shared between insurance brokers, insurers, reinsurers and other market participants. You can find out the identity of the controller or controllers of your personal data in the following ways:

  • If you took out the insurance yourself, get in touch with the data protection contact at your insurance broker or the entity you dealt with in taking out the insurance
  • If your employer or another organisation took out the insurance for your benefit, you should get in touch with the data protection contact at your employer or the organisation that took out the insurance
  • If you are not a policyholder or an insured under the insurance, you should get in touch with the organisation that collected your personal data

5. The purposes, categories, legal grounds and recipients of our processing your personal data

Your personal data may be processed for the following purposes:

Quotation/inception:

  • Setting you up as a client, including possible fraud, sanctions, credit and anti-money laundering checks
  • Evaluating the risks and matching them to appropriate policy terms/premium
  • Payment of premium where the insured is an individual

Policy administration:

  • Client care, including communicating with you and sending you updates
  • Payments to and from individuals


Claims processing:

  • Managing insurance and reinsurance claims
  • Defending or prosecuting legal claims or regulatory proceedings
  • Investigating or prosecuting fraud

Renewals:

  • Contacting you/the insured to renew the insurance
  • Evaluating the risks and matching them to appropriate policy terms/premium
  • Payment of premium where the insured is an individual


Other purposes including:

  • Complying with our regulatory or legal obligations
  • Risk modelling
  • Effecting reinsurance contracts
  • Transferring books of business, company sales, restructuring and reorganisation


We may also disclose personal data to the following non-exhaustive list of entities:
reinsurers, financial institutions, service providers, contractors, agents, tax authorities, law enforcement and other regulators and group companies in connection with the above purposes. You will find the current list of service providers and our companies who participate in data-processing operations here on our website or by emailing privacy-hgs@hdi-specialty.com.

We process your data on one of the following legal grounds:

  • in order to place and operate the contract(s) of insurance;
  • where a legitimate interest to do so has been identified for which processing of your data is necessary and which balances your interest, rights and freedoms e.g. protecting you from fraud or personalising the insurance product to you; or
  • where we have a legal obligation to do so e.g. to prevent money laundering.

6. Consent

To provide insurance and deal with insurance claims in certain circumstances we may need to process special categories of your personal data (see 1.8 above), such as medical or criminal records. Your consent to this processing may be necessary to achieve one or more of the purposes set out above.

Where this is the case, you may withdraw your consent to such processing at any time by notifying privacy-hgs@hdi-specialty.com. If you do withdraw your consent, however, this may mean we cannot provide insurance or pay claims.


7. Profiling

When calculating insurance premiums, we may compare your personal data against other data such as industry averages or fraud patterns. Your personal data may also be used to create such other data to ensure, among other things, that premiums align to risk.

We may make decisions based on profiling and without staff intervention (known as automatic decision making).


8. Storage and retention of your personal data

Data is held by us on servers and in printed form, as well as on our behalf in off-site storage facilities. We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, so long as there is any possibility that either you or we may bring or face legal claims in connection with the insurance contract(s), or if there are legal or regulatory reasons to retain your data, we must do so.


9. International transfer of data

We may need to transfer your data to third parties outside the European Economic Area. These transfers will be made in compliance with the GDPR.

If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact privacy-hgs@hdi-specialty.com


10. Amendment

We may amend this Privacy Notice from time to time. We will let you know if we make any significant changes.


11. Your rights

If you have any questions about our use of your personal data, please contact the relevant data protection contact as explained above. In certain circumstances you may have the right to require us to:

  • Provide you with further details about the use we make of your personal data
  • Provide you with a copy of the personal data we hold
  • Correct any inaccuracies in the personal data we hold
  • Delete any personal data we no longer have any lawful ground to use
  • Where the processing requires your consent, to withdraw that consent so we stop the processing in question
  • Transfer your personal data to another organisation
  • Object to any processing based on the legitimate interests ground at paragraph 4, bullet point 3 above unless our reasons for that processing outweigh any prejudice to your data protection rights
  • Object to automated processing, including profiling
  • Restrict how we process or use your personal data in certain circumstances e.g. whilst a complaint is being investigated


In certain circumstances we may need to restrict the above rights to safeguard the public interest (e.g. prevention or detection of crime) or our interests (e.g. legal or litigation privilege).

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights, or if you think we have breached the GDPR, you have the right to complain to the relevant national authority, detailed below.

      Germany (lead supervisory authority)
      Die Landesbeauftragte für den Datenschutz Niedersachsen
      Prinzenstraße 5
      30159 Hannover
      Phone: +49 (0511) 120 45 00
      Fax: +49 (0511) 120 45 99
      E-mail: poststelle@lfd.niedersachsen.de
      Website: www.lfd.niedersachsen.de

      Sweden
      Datainspektionen
      Drottninggatan 29
      5th Floor
      Box 8114
      104 20 Stockholm
      Tel. +46 8 657 6100
      Fax +46 8 652 8652
      e-mail: datainspektionen@datainspektionen.se
      Website: http://www.datainspektionen.se/

      Italy
      Garante per la protezione dei dati personali
      Piazza di Monte Citorio, 121
      00186 Roma
      Tel. +39 06 69677 1
      Fax +39 06 69677 785
      e-mail: garante@garanteprivacy.it
      Website: http://www.garanteprivacy.it

      UK
      England
      Information Commissioner’s Office
      Wycliffe House
      Water Lane
      Wilmslow
      Cheshire
      SK9 5AF
      Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
      Website: casework@ico.org.uk

      Scotland
      Information Commissioner’s Office
      45 Melville Street
      Edinburgh
      EH3 7HL
      Tel: 0131 244 9001
      Website: scotland@ico.org.uk 

      Wales
      Information Commissioner’s Office
      2nd Floor
      Churchill House
      Churchill Way
      Cardiff CF10 2HH
      Tel: 029 2067 8400
      Website: wales@ico.org.uk 

      Northern Ireland
      Information Commissioner’s Office
      3rd Floor
      14 Cromac Place
      Belfast
      BT7 2JB
      Tel: 0303 123 1114 (local rate) or 028 9027 8757 (national rate)
      ni@ico.org.uk


12. Contact Us

Head Office:
Data Protection Officer
Roderbruchstraße 26
30655 Hannover
Germany
Tel. +49 511 5604-2909


UK Branch:
Legal & Compliance
10 Fenchurch Street
London
EC3M 3BE
Tel. +44 (20) 7015 4000

Scandinavian Branch:
Legal & Compliance
Hantverkargatan 25
P.O Box 22085
SE-104 22 Stockholm
Tel. +46 8 617-5485

Italian Branch:
Data Protection Officer
Roderbruchstraße 26
30655 Hannover
Germany
Tel. +49 511 5604-2909


Australian Branch - Privacy Policy

We comply with the Privacy Act 1988 (the Privacy Act) and, where applicable, State or Territory legislation in relation to health information. The Privacy Act sets out the requirements for Companies with regard to their handling of your personal information.

The HDI Global Specialty SE - Australian Branch has established a Data Breach Notification Scheme, to ensure that affected individuals are notified about serious data breaches.

A breach occurs where there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals AND this event is likely to result in serious harm to an individual:

  • Financial harm that could allow identity theft or fraud (e.g. Loss of financial data, credit card information, etc.)
  • Any other harm that, if the information was disclosed, could be deemed sensitive by that person and may subject them to discriminatory treatment, humiliation or damage to their reputation (e.g. health and other private information)
  • Harm may be physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation

What happens after a breach?

If a breach occurs we must, within 30 days of any breach or data loss, notify all affected customers and the Government Privacy Commissioner and disclose the information involved. We must also advise the affected customers what they should do to protect themselves.

If you wish to contact us about the handling of your personal information, accessing or correcting your information or to make a complaint, please contact:

      Privacy Officer
      HDI Global Specialty SE - Australian Branch
      Tower 1, Level 33, 100 Barangaroo Avenue,
      Sydney NSW 2000
      Australia
      Tel +62 2 8373 7580
      E-mail address: PrivacyAustralianBranch@hdi-specialty.com

Download Australian Privacy Policy (PDF)


Canadian Branch Privacy Policy

We comply with the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and, where applicable, with the “PIPA Alberta”, “PIPA BC', and “Quebec Privacy Act” (collectively: “Canadian Privacy Statutes”).

These Canadian Privacy Statutes set out the requirements for HDI Global Specialty SE Canadian Branch with regard to the handling of your personal information.

If you wish to contact us about the handling of your personal information, accessing or correcting your information or to make a complaint, please contact:

      Privacy Officer
      HDI Global Specialty SE - Canadian Branch
      Suite 400, 220 Bay Street,
      Toronto, ON  M5J 2W4
      Canada
      Tel +1 416-867-9712
      E-mail address: PrivacyCanadaBranch@hdi-specialty.com