You can visit our website without revealing who you are or providing any personal information about yourself. PMAL’s Fair Processing Notice is set out in Appendix A to this Policy.
We take care to protect the privacy of our clients and investors and for users of this website. This policy explains how we process information about website visitors.
Be aware that PMAL has issued a separate Privacy Notice with respect to Syndicate 1884 which can be accessed through a separate link on this website.
This Privacy Notice sets out how we process
- non-personal data in the form of information from Cookies, (see below under “Cookies”) and
- personal data (that is, data which allow you to be identified, either on its own or with other data available to us or the public). We have set this section out for you under “PMAL Fair Processing Notice,” below.
For the purposes of Schedule 1 Part 4 of the Data Protection Act 2018, we set out below our procedures for securing compliance with the principles of Article 5 of the General Data Protection Regulation (GDPR).
- PMAL will keep and maintain a Data Inventory, listing the categories of all the Personal Data that it processes, including specifying the Special Category Personal Data.
- PMAL conducts Privacy Impact Assessments upon developing new procedures or processes or entering into new forms of business which involve the processing of personal data. The PMAL Head of Compliance shall be responsible for any prior consultation with the ICO within the meaning of Article 36 GDPR. PMAL will act in accordance with all its legal and ethical obligations in respect of personal data, including (but not limited to) Applicable Data Protection Law.
- PMAL will give effect to Articles 12-14 GDPR and the Right to Information.
- Any contracts in which both PMAL and another entity are both Data Controllers shall where possible specify the division of responsibilities in a manner that maximizes the transparency of approach to data subjects, especially with respect to their Data Subject Rights.
Processing personal data for Specified Purposes only
PMAL maintains the Data Inventory which shall include:
- as against every type and category of Personal Data the lawful basis (or bases) for its processing, according to Article 6 GDPR;
- as against every type and category of Special Category Personal Data, the exemption (or exemptions) relied upon under Article 9(2) GDPR from the prohibition in Article 9(1) GDPR;
- as against every type and category of personal data relating to criminal convictions and the like (Article 10 GDPR), the provision of Applicable Data Protection Law which permits such processing (this type of personal data will normally only be processed if PMAL are advised of, or discover, fraudulent conduct)
- a record of any circumstances in which PMAL as a data controller relies on its own legitimate interests,
- where the processing of personal data is for different purposes than the original purposes for which the personal data was obtained, the new, different, purposes shall be recorded in the Data Inventory.
PMAL will only process Personal Data insofar as is reasonably necessary to do so.
PMAL will review its Data Inventory on a periodical basis, no less than once per annum,
PMAL shall ensure, where reasonably practicable, that all personal data it processes shall be accurate and up-to-date.
PMAL provides for the Right to Rectification, which shall be actioned without undue delay on receipt of a written Request from, or on behalf of, a data subject seeking to rectify (including seeking to amplify) their Personal Data.
The PMAL’s Data Retention Policy provides details as to the period for which types and categories of personal data shall be retained, and the lawful basis for that retention.
Appropriate Technical & Organisational Measures
PMAL shall take all appropriate technical and organisational measures to keep Personal Data secure and processed only for the authorised purposes.
Audit and Review
This Policy shall be reviewed on an annual basis by the PMAL Head of Compliance.
The cookies placed on your device as a result of your accessing this website collect information about how visitors use the site, for instance which pages visitors go to most often, and whether they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works. By using our website, you agree that we can place these types of cookies on your device.
Appendix A: PMAL Fair Processing Notice
This Fair Processing Notice tells you about processing of “personal data” by PMAL.
PMAL is committed to ensuring your privacy and personal data is protected. It is important that you read this Fair Processing Notice. By providing your personal data to us, you acknowledge that we may use it in ways set out in this Notice.
Our Privacy Principles
When we collect and process your personal data, we will process it in accordance with the following privacy principles:
- Personal data you provide will be processed fairly, lawfully and in a transparent manner.
- Personal data you provide will be collected for a specific purpose and not processed in a way which is incompatible with the purpose for which we collected it.
- Your Personal data will be adequate, relevant and limited to what is necessary in relation to the purpose for which it is processed.
- Your Personal data will be kept accurate and, where necessary up-to-date.
- Your Personal data will be kept no longer than is necessary for the purpose for which the personal data is collected and processed.
- We will take appropriate steps to keep your personal data secure.
- Your personal data will be processed in accordance with your rights
- We will only transfer your personal data to another country or an international organisation outside of the European Economic Area (EEA), where we have taken the required steps to ensure that your personal data is protected. Such steps may include placing the party we are transferring data to under contractual obligations to protect it to adequate standards.
What we hold
We may hold and process your personal data in order to provide the following professional Services to clients in the global insurance industry. Our activities (‘the Services) may include
- performing contacts of insurance,
- claims and funds handling,
- claims and fund management,
- claims administering,
We may also use Personal Data which is provided to us or generated by us to
- provide tailored Services for Clients and customers requirements and to treat them in a more personal way
- carry out analysis and market research
- carry out marketing
- undertake online advertising
- improve our websites and Services
- carry out administrative and management purposes.
When providing the Services, we may be the “data controller” of your personal data, though sometimes, in providing the Services on behalf of another party we may be operating as a “data processor.”
We may also sometimes be a joint data controller with a company. If you don’t know who the proper data controller for your personal data is, then you can contact us below, and we will check for you.
Your contact point
We are committed to processing all personal data fairly, lawfully, and transparently. To make things simpler, PMAL has nominated the Head of Compliance to oversee compliance with data protection law. The contact details are: The Head of Compliance, Premia Managing Agency Ltd, The Minster Building, 21 Mincing Lane, London, EC3R 7AG; email@example.com
What types of personal data do we collect and retain, and why?
The data we hold and process generally includes names, contact details, dates of birth, insurance policies, contracts, or claims in which you may have been or are currently involved.
This may include special category personal data including, potentially, information about your medical history, race, ethnicity, sexual orientation, religious beliefs, trade union membership, genetic and biometric data, political opinions, and any other physical or mental health details.
This personal data is held only for the purposes of performing the Services.
PMAL will almost always obtain your data from either you directly, or our clients, who include individuals, businesses, trusts, funds and insurance companies, who in turn will have obtained it from you or your employer or family member or a company close to you in relation to a contract, insurance policy or employment policy.
What are our legal bases for using your personal data?
Our lawful bases for processing personal data include:
- where you have given us your consent, we rely on that consent, including your explicit consent to process special category personal data;
- where you are party to a contract, and that contract requires your personal data to be processed;
- where we may have legal obligations that mean we have to process personal data, including anti-money laundering obligations, checking criminal convictions, checking international sanctions registers and fraud investigation and recovery;
- where we need to process it to establish, exercise or defend legal claims, or where we are involved or about to be involved with the Courts acting in their judicial capacity;
- where we need to process your data for an insurance purpose and it is necessary to do so for reasons of substantial public interest.
and some aspects of our processing may fall within the “public interest” lawful basis.
Where we rely on your consent to process your personal data you can withdraw that consent at any time. To exercise these data subject rights please contact the Head of Compliance at the following email address: firstname.lastname@example.org
Where the personal data is provided without it being required under a statutory or a contractual basis, there will be no adverse consequences as a result of withdrawal of consent, although it may make it more difficult to provide the same level of service as before the withdrawal of consent.
In all circumstances, however, we also rely on our legitimate interests, and those of our insurance industry clients’ or other clients’, to ensure that you and the other people who are named under your insurance policy are properly protected by the provision of adequate insurance against the risk of misfortune. Where we rely on our legitimate interests, we will always balance them against the rights and freedoms of the people whose personal data we process. Where their rights override our legitimate interests and there are no other legal bases for processing we will cease to process personal data.
Who do we share your personal data with?
From time to time, we may need to disclose personal data to third parties. Sometimes, these will be companies who process on our behalf and only act upon our instructions. Sometimes, these will be individuals and companies such as: consultants; doctors; experts; lawyers; and other professionals within or connected to the insurance industry.
Additionally, from time to time we may need to transfer your personal data outside the European Union. Where your personal data is transferred outside of the European Union, we will only, save for exceptional circumstances, do so:
- to a county in the European Economic Area or that the European Commission has certified as having adequate data protection law; or
- with your consent, to protect your vital interests, for important reasons of public interest, to perform a contract in your interests, to help the performance of an insurance contract in your interests or which you are a party, and/or for the defence of or exercise of legal claims.
You should be aware that if your personal data is transferred, it may be subject to access requests from foreign governments, courts, law enforcement officials and national security authorities.
We will keep records of where your data has been sent outside of the EU and you can have access to these records if you wish. We will keep personal data for as long as we need it for the purpose it is being processed for or longer if there is a legal requirement to do so. We will review the information we hold and delete it or where appropriate pseudonymise it where there is no longer a legal, business or customer need for it to be retained.
Automated decision making
PMAL will not make use of automated decision making.
What Security measures we take
We have considered currently available technological and organizational tools, their costs and the nature, scope, context and purposes of the processing we are engaged in. We have implemented appropriate technical and organisational measures to
- help prevent unlawful or unauthorised processing, accidental or unlawful destruction, damage, loss, alteration, disclosure or access to Personal Data and
- help to ensure the security of Personal Data,
which we have received or generated ourselves.
Your legal rights
You have the rights set out below in relation to our use of your personal data. However, certain restrictions may apply. If you wish to exercise any of your rights please send all requests in writing to the Head of Compliance with sufficient information to allow us to deal with your request. Generally, there is no fee for making these requests. We may need corroborating information to establish your identity, so when writing we suggest that you supply us with a copy of your passport or your driving licence. You should not send copies of these over the internet as it is not necessarily secure.
We ask for these details because we want to protect your personal data by being as sure as we reasonably can that you are not being impersonated.
Please note that the time limit to respond to requests is one month, with the possibility of another two months in certain circumstances. If we need the extra time to deal with your request, we will notify you of the fact that there will be a delay and the reason for it within a month of your request being made. Likewise, if we have reason to refuse your request, we will notify you within a month of the refusal and the reason for it. If we refuse your request, you are entitled to make a complaint to the ICO.
Right to access your personal data
You have the right to be given details about the personal data concerning you that we hold and why and how we use it. You also have the right to obtain a copy of the personal data we hold about you. This is known as a data access request.
Right to rectification
We take reasonable steps to ensure that the personal data we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us and ask us to update or amend it.
Right to erasure/right to be forgotten
In certain circumstances, you have the right to ask us to erase your personal data, for example where the personal data we collected is no longer necessary for the original purpose or where you withdraw your consent (where the legal grounds for processing was consent). However, this will need to be balanced against other factors. For example, according to the type of personal data we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.
Right to restriction of processing
In certain circumstances, you are entitled to ask us to stop using your personal data, for example, where you think that the personal data we hold about you may be inaccurate or where you think that we no longer need to process it.
Right to data portability
In certain circumstances, you have the right to ask that we transfer any personal data that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your personal data.
Right to object
Where we process your personal data on the basis of a legitimate interest, you are entitled to object to the processing in question on grounds relating to your particular situation. We will then stop processing the personal data in question, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedom or unless we need to use it in relation to legal claims.
Right to object to direct marketing
You can ask us to stop sending you marketing messages at any time.
Right not to be subject to automated individual decision making, including profiling
You have the right not to be subjected to decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.
How to contact us, and your right to complain to our supervisory authority
If you have any questions about this Notice, please contact our Head of Compliance.
We work conscientiously to handle your personal data responsibly. If you are unhappy with the way we are doing this, please contact our Head of Compliance who will try to address your concerns.
Head of Compliance
Premia Managing Agency Ltd
The Minster Building
21 Mincing Lane
By email: email@example.com
However, you have a right to complain to the UK’s data protection supervisory authority; the Information Commissioner at:
Information Commissioner’s Officer
Tel: 0303 123 1113 (local rate)
Please note that we will take all appropriate steps to keep your personal data safe. In the unlikely event that we have a security breach, we will notify you without undue delay about the circumstances of the incident in accordance with our legal obligations.
How do we tell you about future changes of this Notice?
If we change this Notice, we will let you know by publishing the updated version on our website. We aim to protect and respect your privacy, and that intention will carry on in any future changes to this Notice.
PMAL’s other data protection policies are available upon request.
Last updated 27 January 2020
This site and all content are copyright ©
All rights reserved