Privacy Notice for Maiden Life & General

To work effectively we may need to share your personal information with third parties: within our corporate group of companies and with our contractors, as described below. Some of the third parties process your personal information on our behalf as our processors (in which case we remain responsible for their processing of your personal information) and others are controllers of personal information in their own right (in which case they are responsible for the processing of your personal information).

It should be noted that we shall never sell your information to a third party without your express approval.

We shall share your details with contractors and sub-contractors (including companies within the Maiden Life & General Group) in order to implement our contract with you and for other purposes which will be apparent from this privacy notice. Such contractors include suppliers of insurance administration, claim adjustment, and IT contractors. If the contractor/sub-contractor processes your personal data on behalf of Maiden Life & General as our processor, Maiden Life & General will ensure that the contractor/sub-contractor has undertaken to process your details in accordance with Maiden Life & General’s data protection policy and other regulations.

We shall also share your details with the insurance intermediary you have contact with when taking out an insurance policy and with a reinsurance company which reinsures our policies. Some of these re-insurance companies are within the Maiden Life & General Group. This applies to any information which we need to allow the insurance intermediary/reinsurance company to manage your insurance policy and our own reinsurance policy and to fulfil their undertakings in accordance with the law, the Regulation and the rules of our regulators. These entities will process your personal information as controllers in their own right, and we disclose your personal information to them in order to perform our contract with you and/or for the legitimate interests of enabling your policy to be reinsured (which are not overridden by your own interests, rights and fundamental freedoms because this enables us to provide a better service to you).

We shall also release your details to the authorities, including the Police, the Tax Service, and other authorities if we are obliged to do by law or with your consent (to the extent that we seek to obtain your consent). One example of when the law obliges us to release information is in the case of measures designed to combat money laundering and funding for terrorism. The information which is shared is subject to the authority’s data protection policy as the authority is a controller of your personal information in its own right.

Lastly, Maiden Life & General will share your details with third parties in connection with the purchase or sale of business or assets. Your details may then be shared with prospective vendors or purchasers as such sharing is the legitimate interests of the purchaser of business/assets to continue the relevant business following their acquisition, and in our legitimate interests to be able to sell our business or assets to a purchaser, these interests are not overridden by your own interests, rights and fundamental freedoms because it enables the purchaser to continue to provide you with services). In the event that Maiden Life & General or a significant part of Maiden Life & General’s business or assets should be acquired by a third party your details may then be shared with it.

Your data will be processed within the EU/EEA and/or United Kingdom. In some circumstances your details may, however, be transferred and processed in a country outside the EU/EEA and/or United Kingdom, in countries whose data protection laws do not provide the same level of protection for your personal data as the United Kingdom and EU/EEA. The country to which your personal data may be transferred is the United States (where a company within the Maiden Life & General Group who provides IT services to us is located). When we transfer your personal information outside of the EU/EEA and/or United Kingdom we are required by data protection laws to take certain steps (such as entering into approved mechanisms and conducting risk assessments) to ensure your personal information is appropriately protected.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

As a principle, that means that we shall keep your personal details for the entire duration of the agreement and for a period of six years thereafter (corresponding to the statutory period of limitation which applies in the context of insurance) unless a longer period is allowed for under narrow circumstances allowed under specific legislation including but not limited to Unclaimed Life Assurance Policies Act, health insurance legislation, and lifetime community ratings legislation. If we save your information for any purpose other than our agreement with you, e.g. to meet requirements in respect of accounting (seven years) or measures to combat money laundering (five years), we shall hold on to the information only for so long as is necessary and/or required by law.

If we do not offer you a policy after you apply to become insured by us, or we do not conclude an agreement despite having made an offer to you, we shall delete your personal details within six months of the rejection or acceptance of your notification that do not wish to take out a policy with us.

For more information about our data retention policies please contact us at dataprotection@maideniis.com.

In order to comply with anti-money laundering regulations, we will use your personal data to check if you are either a politically exposed person (“PEP”) or are a relative or close associate (“RCA”) of a PEP. PEPs are individuals entrusted with prominent public functions such as heads of state, MPs, judges or ambassadors. It does not apply to local government or more junior members of the civil service. Relative would include spouse, children and their spouses, parents and siblings.

The checks may include publicly available information, reliable public registers or a commercial database designed for this purpose. If you are identified as a PEP or an RCA, we must assess the level of risk associated with you and the extent to which enhanced due diligence measures need to be carried out. The fact that you are a PEP or RCA does not exclude you from having the insurance product, it just means that additional measures need to be carried out to comply with anti-money laundering regulations.

Maiden Life Försäkrings AB (company registration number 516406-0469) and Maiden General Försäkrings AB (company registration number 516406-1003), are responsible for processing your personal details as set out above. They are separate independent controllers. In this policy the companies are together referred to as Maiden Life & General (or we, us etc.). The companies are registered with Finansinspektionen [the Financial Supervisory Authority] and Bolagsverket [Companies Registration Office] and have offices at Styckjunkargatan 1, 114 35 Stockholm, Sweden. We comply with Irish data protection legislation.

If you have any questions about data protection please get in touch with us by ringing us on +44 (0)1494 687599 or send an e-mail to dataprotection@maideniis.com. You can also contact our Data Protection Officer at dataprotection@maideniis.com.

This Privacy Notice may be updated from time to time.