For CBL Insurance Europe DAC (in liquidation) (‘CBLIE’, ‘we’, ‘us’, ‘our’) it is extremely important that your personal data should be protected. When we process your personal data we always do so with the utmost care and in accordance with current laws and regulations.
During the insurance life cycle (e.g. policy administration and claims handling) CBLIE may collect and process personal data relating to you, whether you are a policyholder, a beneficiary under a policy, a claimant or another party involved in a claim.
Kieran Wallace and Cormac O’Connor of KPMG were appointed Joint Liquidators of CBLIE by the High Court of Ireland on 12 March 2020. This means that further processing of personal data by CBLIE arises in the context of, and to the extent necessary for the orderly winding up of CBLIE.
In this privacy notice you can read about how we gather and use your personal data, including disclosures we make to other parties. You will be given information about the rights you have in your dealings with us and how you can exercise them.
CBLIE, acting by its Joint Liquidators, is the controller of personal data described in this notice.
We advise you to read through this privacy notice carefully so you understand it.
If you have any questions about our use of your personal data, please contact us at policyqueries.cblie@kpmg.ie.
DATA COLLECTION
In order for us to provide insurance policies, and/or deal with any claims or complaints and/or manage the liquidation of CBLIE, we need to collect and process certain personal data about you.
The table below details the categories of personal data, and the types of personal data that may be processed.
| Categories of personal data | Type of personal data |
|---|---|
| Individual details | Name, address, contact details (e.g. email and telephone numbers), gender, date and place of birth, nationality, employer, job title and employment history, and family details. |
| Identification details | Identification numbers issued by government bodies or agencies, including passport number, tax identification number and driving licence number. |
| Financial information | Bank account or payment card details, income or other financial information. |
| Risk details | Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data. |
| Policy information | Information about the quotes you receive and policies you take out. |
| Anti-fraud data | Sanctions and criminal offences, and information received from various anti-fraud databases relating to you. |
| Previous and current claims | Information about previous and current claims, which may include data relating to your health, criminal convictions, or other special categories of personal data and in some cases. |
| Special categories of personal data | Certain categories of personal data which have additional protection under the GDPR. The categories are health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation. |
SOURCE OF YOUR PERSONAL DATA
We might collect your personal data from various sources, including:
- Directly from you or your family members (online, face to face, or by telephone, or in written correspondence);
- In the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers;
- Other insurance market participants, such as insurers, reinsurers and other intermediaries;
- Anti-fraud databases and other third party databases, including sanctions lists;
- Government agencies; and
- Claim forms.
Which of the above sources apply will depend on your particular circumstances.
PURPOSE AND LEGAL BASIS
Personal Data
We may process your personal details for the following purposes.
| Purpose | Legal basis |
|---|---|
| To identify the applicable premiums and conditions | Performance of a contract with you. |
| To manage your insurance policy | Performance of a contract with you. |
| To manage your relationship with us (including confirmation of your identity and checking that your personal and contact details are correct) and your payment details, e.g. so we can fulfil our obligations to you as an insured and can provide the services which you require of us and provide information about them. | Performance of a contract with you. |
| To manage our services and internal activities. | Our legitimate interests in conducting our business and managing services in a responsible and commercially prudent manner. |
| To prevent any abuse of our services, including fraud, to manage risk and carry out our risk analysis. | To comply with legal obligations. Our legitimate interest in identifying and managing legitimate claims. |
| To comply with the relevant legislation including legislation on insolvency, corporate governance, measures to counter money-laundering, accountancy law, tax law and rules on the capital adequacy ratio requirements (Solvency II). | To comply with legal obligations. |
| Since the appointment of Kieran Wallace and Cormac O’Connor of KPMG as Joint Liquidators of CBLIE by the High Court of Ireland on 12 March 2020, your personal data is being processed to the extent relevant and necessary for the liquidation of CBLIE, including: Determining whether any insurance claims that arose from insurable events that occurred before the commencement of the winding-up of CBLIE on 20 February 2020 (whether or not notified to CBLIE before that date) will be provable as debts in the liquidation of CBLIE; Assessing policyholder claims, including determining the portion/extent of agreed claims (or claims yet to be agreed) that will be paid, including by means of a dividend in the liquidation; Assessing compensation claims, claims for return of premiums and determining the priority of a claim. | To comply with legal obligations in connection with the liquidation of CBLIE. Our legitimate interests in appropriately managing and winding up the affairs of CBLIE. |
Where we rely on our legitimate interests as the legal basis for processing personal data relating to you, we will not process your personal data for the purposes identified above if to do so would constitute an unwarranted interference with your own interests, rights and freedoms.
Special categories of personal data
The legal bases on which we collect, process and transfer special categories of personal data relating to you in the manner described above are:
- that the processing is necessary and proportionate for a policy of insurance; or
- that you have given your explicit consent to such processing.
Personal data relating to criminal convictions and offences
- The legal bases on which we collect, process and transfer personal data relating to criminal convictions and offences in the manner described above are:that such processing is necessary and proportionate for the performance of a contract with you or in order to take steps at your request to enter into a contract; or
- that such processing is necessary and proportionate for the purpose of providing or obtaining legal advice in connection with legal claims, prospective legal claims, legal proceedings, or prospective legal proceedings; or
- that such processing is necessary and proportionate for the purpose of establishing, exercising or defending legal rights; or
- in limited circumstances, where you have given your explicit consent to such processing.
IDENTITIES OF OTHER DATA CONTROLLERS
The insurance life cycle involves the sharing of your personal data between insurance market participants. CBLIE is an insurance market participant that you may not have had direct contact with.
You can find out the identity of the data controller(s) of your personal data within the insurance market life cycle in the following ways:
- Where you took out the insurance policy yourself: if you purchased insurance through an intermediary, the intermediary will be the initial data controller and their data protection contact can advise you on the identities of other insurance market participants (such as CBLIE) that they have passed your personal data to;
- Where an organisation took out the policy in your benefit: you should contact the organisation that took out the policy, who should provide you with details of the insurer or intermediary that they provided your personal data to and you should contact their data protection contact, who can advise you on the identities of other insurance market participants that they have passed your personal data to; and,
- Where you are not a policyholder or an insured: you should contact the organisation that collected your personal data, which should provide you with details of the relevant participant’s data protection contact.
RECIPIENTS OF PERSONAL DATA
We may disclose your personal data to other organisations in connection with the above purposes, including:
- to third parties who we engage to provide services or benefits to us or to you, such as professional advisers, auditors, insurers and outsourced service providers;
- to the other data controllers identified above;
- to relevant third parties involved in the liquidation process including members of staff working on the liquidation in KPMG; and
- to competent regulatory authorities and other bodies as requested or required by law.
REQUIREMENT TO PROVIDE DATA
You are not under a statutory or contractual duty to provide us with any personal data. However, there are some pieces of information that you must provide to us so that we can process a claim made by you or deal with any queries you raise. If you do not provide this information, we may not be able to process a claim made by you or deal with your query.
RETENTION
We will keep your personal data only for so long as is necessary. As Joint Liquidators have now been appointed over CBLIE, CBLIE is required to retain its books and records (which will include personal data) for a minimum period of 6 years following its dissolution under section 707 of the Companies Act 2014. However, a longer retention period may be directed by either a committee of inspection or the creditors of CBLIE
INTERNATIONAL TRANSFERS
We may need to transfer your data to insurance market participants or their affiliates or sub-contractors which are located outside of the European Economic Area (EEA). Those transfers will always be made in compliance with the GDPR.
For instance, our parent company is located in New Zealand (CBL NZ). Any transfers of personal data to New Zealand that do take place will be made subject to an appropriate safeguard being in place, namely an ‘adequacy decision’ granted in respect of New Zealand by the European Commission.
CBL NZ may engage with service providers who store personal data outside of New Zealand. CBL NZ shall ensure that all service providers meet certain standards of European data protection. If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact policyqueries.cblie@kpmg.ie.
YOUR RIGHTS
| Right | Details |
|---|---|
| Right of access | You are entitled to access the personal information we have about you and you can request a copy of it from us. You can usually request a copy at no charge, but if you require multiple copies or ask repeatedly, we may charge a fee. |
| Right to rectification | It is important that we should have correct information about you and we advise you to let us know if any of your personal details are incorrect, for example if you have changed your name or moved. You can correct information about yourself which is incorrect or incomplete at any time. |
| Right to be forgotten/Right to erasure | In certain limited circumstances, you are entitled to require that your personal details be deleted. |
| Right to restrict | In some cases, we may be under a legal obligation which prevents us from deleting your information immediately. In such cases we ensure that access to your information is restricted in such a way that it is only used to allow us to fulfil our legal obligations and our contractual obligations to you. |
| Right to object | You can request we restrict the processing of your personal data if: you contest the accuracy of the personal data we process about you; the processing is unlawful and you request restriction (rather than erasure); we no longer need the personal data for the original purpose, but you require them in order to establish, defend, or exercise a legal claim. |
| Right to data portability | You can ask us to provide a copy of your data in a commonly used and machine-readable format to you or another controller. The right only applies in limited circumstances, including (i) the processing is carried out by automated means and (ii) the legal basis for the processing is your consent or our performance of a contract with you. |
| Right to withdraw consent | Where the processing of your personal data is based on you having provided your consent, you have the right to withdraw your consent at any time. |
COMPLAINTS
If you have any concerns or are not satisfied with the way in which we process your personal data, you can contact us and we shall look into your complaint: policyqueries.cblie@kpmg.ie
If you are not satisfied with our answer or consider that we are processing your personal details in an illegitimate or unlawful way you may lodge a complaint with the Data Protection Commission: https://www.dataprotection.ie/en/contact/how-contact-us.