Elite Insurance Company Limited (In Administration) - Privacy notice

What is a privacy notice?

We want to ensure that policyholders (“you”) understand what information we have about you, how we will use it and for what purpose. We are also required by data protection legislation to explain certain matters to you. This privacy notice intends to set these matters out.

Who is data controller?

We are a "data controller" (and registered as such with the Regulator). This means that we are responsible for deciding how we hold and use certain personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

This notice was published on 12 December 2019 and is the latest version of our privacy policy in relation to your data. We reserve the right to amend the privacy policy and any subsequent or amended versions will be uploaded to our website.

Data Protection Principles

We will ensure that the personal information we hold about you is:

  • used lawfully, fairly and in a transparent way
  • collected only for specified and legitimate purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • adequate, relevant and limited to what is necessary in relation to the purposes we have told you about
  • accurate and kept up to date
  • not kept in a form which permits your identification for longer than necessary and kept only as long as necessary for the purposes we have told you about
  • kept securely
  • not transferred to another country without appropriate safeguards being in place

What information about you will we use?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

There are also "special categories" of more sensitive personal data which will require a higher level of protection.
The types of personal data that we will collect, store and use about you include:

  • name (including where relevant) maiden name
  • date of birth
  • address
  • contact details
  • gender
  • marital status and dependants
  • emergency contacts, and immigration status
  • passport/ID card
  • tax information
  • bank account details
  • log-in information and photograph

Special categories of personal data

There are also "special categories" of more sensitive personal data which we may also collect, process and store.

These special categories may include:

  • your race or ethnicity, religious beliefs, sexual orientation and political opinions
  • any information about your health, including your sickness absence records

These special categories of personal data require a higher level of protection and we will ensure that this is achieved.

How is your personal information collected?

We collect personal information about you from your proposal form, insurance policy, either directly from you or sometimes from one of our brokers.

How and why will we use your personal information?
As you will appreciate that, we need to use your personal information to perform, in so far as the circumstances permit in the context of the Company’s Administration, the contract that entered into with you.

In most cases, we will use your personal information to:

  • to comply with our legal obligations
  • to comply with our legal obligations as Joint Administrators of Elite Insurance Company Limited (in Administration) as appointed on 11 December 2019
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
  • to protect your interests (or someone else's interests)
  • (on rare occasions) where it is needed in the public interest

The situations in which we will commonly use your personal information include:

  • administering your insurance policy (in the context of the Administration)
  • (where necessary) disclaiming any insurance policy
  • transferring information to claims handlers and/or other third-party service providers for the management of any claims under your insurance policy – for more information about the relevant service provider applicable to you, please contact us (see contact details below)
  • liaising with brokers claims handlers, legal advisors and the Financial Services Compensation Scheme, for the purposes of complying with our contractual obligations to you and any of the above mentioned purposes
  • liaising, where necessary, with regulators (such as the Gibraltar Financial Services Commission and the Financial Conduct Authority of England and Wales)
  • managing and planning the Administration.

Who else might your personal information be shared with?

We may have to share your data with third party data processors where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. Such third parties include IT providers and other data service providers. We require third parties to respect the security of your data and to treat it in accordance with the law.

In addition we may be required to share some of your Personal Data with other creditors. The data which will be shared will be limited to that specifically required to be disclosed under insolvency legislation. We do not transfer any personal data outside of the EEA.

For how long will your personal information be kept?

We will not keep personal data longer than is necessary for the purpose or purposes for which they were collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.

Records of personal data will also need to be kept by the Administrator for the purposes of compliance with the terms of his appointment. This means that for our (and the Administrator’s purpose) the phrase “longer than necessary” does not necessarily mean that records will be destroyed once your policy is no longer in force. For example, where a policy has been disclaimed, we will still be required to keep a record of certain details e.g. policy numbers even after those policies have been disclaimed. There may be instances where the Administrator will need to keep certain information (for record keeping purposes) even after the Administrator has been finalised.

How will your personal information be kept safe?

We take the security of your personal information very seriously and we have put in place internal controls and security measures to protect it.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, altered, disclosed or accessed in an unauthorised way. Personal data will only be transferred to a data processor if he agrees to comply with those measures, or if he puts in place adequate measures himself.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.

What are your rights in relation to your personal information?

You have certain rights in relation to your personal data as summarised here:

  • Right to be informed – you have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights; this is why we are providing you with the information in this privacy notice
  • Right to withdraw consent – where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time
  • Right of access – you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
  • Right to be erased - This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request
  • Correcting or erasing your information – where we hold information about you that is inaccurate or incomplete, you have the right to ask us to rectify, complete or delete it
  • Right to restrict processing – in certain circumstances you have the right to restrict some processing of your personal information, which means that you can ask us to limit what we do with it. For example, you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it
  • Right to object to processing – you can object to us processing your personal information in certain circumstances, including where we are using it for the purpose of the Company’s legitimate business interests
  • Right to data portability – you have the right to obtain from us and re-use your personal data for your own purposes. This only applies, however, where the processing is carried out by automated means, to personal data that you have provided to us yourself (not any other information) and where the processing is based on your consent or for the performance of a contract
  • Right to complain - you are able to submit a complaint to the Regulator (see contact details below) about any matter concerning your personal information, using the details below. However, we take our obligations seriously, so if you have any questions or concerns, we would encourage you to raise them with us first, so that we can try to resolve them.

Subject Access Requests

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse to comply with your request in circumstances where your request is clearly unfounded, repetitive or excessive.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Time limit to respond We try to respond to all legitimate requests as soon as reasonably practicable and, in any event, within 30 days of receipt of the request.

Subject Access Requests

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may refuse to comply with your request in circumstances where your request is clearly unfounded, repetitive or excessive.

Time limit to respond

We try to respond to all legitimate requests as soon as reasonably practicable and, in any event, within 30 days of receipt of the request.

Our Regulator

Our regulator is the Gibraltar Regulatory Authority (the “GRA”). The GRA’s contact details are:
Gibraltar Regulatory Authority
2nd floor
Eurotowers 4
1 Europort Road
Gibraltar
GX11 1AA

Tel: (+350) 20074636

Email: info@gra.gi

Contact information

If you have any questions about anything in this privacy notice, please do not hesitate to contact us. You can contact the Administrators directly uk_elite@pwc.com

Follow us