Charles Taylor Fair Processing

This Fair Processing Notice tells you about processing of “personal data” by Charles Taylor.

What we hold

We may hold and process your personal data in order to provide professional services (“Services”) to clients in the global insurance industry. The Services may include

  • helping administer and/or perform contacts of insurance
  • arranging insurance
  • providing accounting, actuarial and investment services
  • providing risk management and compliance services
  • claims and fund management
  • delegated underwriting
  • brokering
  • loss adjusting
  • expert appraisal
  • creating or implementing technological solutions
  • providing medical assistance

And we may also use Personal Data which is provided to us or generated by us to

  • provide tailored Services for clients’ requirements and to treat them in a more personal way
  • carry out analysis and market research
  • carry out marketing
  • undertake online advertising
  • improve our websites and Services
  • carry out administrative and management activities

When providing the Services, we may be the “data controller” of your personal data, though sometimes, in providing the Services on behalf of another party we may be operating as a “data processor.”

We may also sometimes be a joint data controller with a company.

If you do not know who the proper data controller for your personal data is, then you can contact us below, and we will check for you.

Your contact points

We are committed to processing all personal data fairly, lawfully, and transparently. To make things simpler, Charles Taylor has nominated one data controller, Charles Taylor Ltd, to handle all requests or queries you might have about our processing of your personal data.

We have appointed a Data Protection Officer (“DPO”) to oversee compliance with data protection law. The contact details are: Emma Hancock, The Minster Building, 21 Mincing Lane, London, EC3R 7AG;

What types of personal data do we collect and retain, and why?

The data we hold, and process generally includes names, contact details, dates of birth, insurance policies, contracts, or claims in which you may have been or are currently involved.

It may also include special category personal data including, potentially, information about your medical history, race, ethnicity, sexual orientation, religious beliefs, trade union membership, genetic and biometric data, political opinions, and any other physical or mental health details.

This personal data is held only for the purposes of performing the Services.

Charles Taylor will almost always obtain your data from either you directly, or our clients, who include individuals, businesses, trusts, funds and insurance companies, who in turn will have obtained it from you or your employer or family member or a company close to you in relation to a contract, insurance policy or employment policy.

What are our legal bases for using your personal data?

Our lawful bases for processing personal data include:

  • where you have given us your consent, -that consent. If we are asked to handle special category personal data, we will rely on your explicit consent.
  • where you are party to a contract, and that contract requires your personal data to be processed;
  • where we may have legal obligations that mean we have to process personal data, including anti-money laundering obligations, checking criminal convictions, checking international sanctions registers and fraud investigation and recovery;
  • where it is necessary to protect your vital interest (or those of another person) where you are physically or legally incapable of giving consent
  • where we need to process it to establish, exercise or defend legal claims, or where we are involved or about to be involved with the Courts acting in their judicial capacity;

and some aspects of our processing may fall within the “public interest” lawful basis.

Where we rely on your consent to process your personal data you can withdraw that consent at any time. To exercise these data subject rights please contact the following email address: Where the personal data is provided without it being required under a statutory or a contractual basis, there will be no adverse consequences as a result of withdrawal of consent, although it may make it more difficult to provide the same level of service as before the withdrawal of consent.

In all circumstances, however, we also rely on our legitimate interests, and those of our insurance industry clients’ or other clients’, to ensure that you, and the other people who are named under your insurance policy are properly protected by the provision of adequate insurance against the risk of misfortune. Where we rely on our legitimate interests, we will always balance them against the rights and freedoms of the people whose personal data we process. Where their rights override our legitimate interests and there are no other legal bases for processing, we will cease to process personal data.

With whom do we share your personal data?

From time to time, we may need to disclose personal data to third parties. Sometimes, these will be companies who process on our behalf and only act upon our instructions. Sometimes, these will be individuals and companies such as: consultants; doctors; experts; lawyers; and other professionals within or connected to the insurance industry.

Any organisation or business which has access to your personal data in connection with provision of our Services should be governed by contractual restrictions and/or technical limitations to ensure that they protect your personal data and meet with the appropriate data protection legislation.

Where these organisations or businesses are based outside of the EEA in a jurisdiction that has not yet been deemed adequate by the EU, we will either enter into EU approved standard contractual  clauses, or we shall use one of the exemptions provided by law to permit export of personal data.

We may also need to transfer personal data from countries outside of the EEA to other countries outside of the EEA, for example, from Canada to India. We will do this so only where we have implemented safeguards so that it continues to be protected to the standards set out in this Privacy Policy Notice. You should be aware that if your personal data is transferred, it may be subject to access requests from foreign governments, courts, law enforcement officials and national security authorities.

We will keep records of where your data has been sent outside of the EU and you can have access to these records if you wish. We will keep personal data in line with our Data Retention Policy, a copy of which is available on application.

Automated decision taking

There are some very limited circumstances where we, on behalf of our clients, use computer questionnaires to give you a quick decision on whether or not they can provide you with insurance cover. In some cases, this is done to generate a quote based on your individual circumstances, including things which may involve your Special Category Personal Data (for example, your health data). This is a form of ‘automated decision-making’, because it compares your answers against our insurance client’s criteria and makes a ‘decision’ about whether to provide cover and, at times, how much that might cost.

There may be some very limited circumstances where we, on behalf of our clients, use automated decision making to provide decisions in relation to dealing with, progressing and settling insurance claims. Such processing will not generally involve your Special Category Personal Data, but nonetheless, is a form of ‘automated decision-making’ as it assists in the decision making about the progressing and settling of insurance claims. 

We will not use automatic decision making without:

(a) either your explicit consent;

(b) it being necessary for entering into, or performance of, a contract between yourself and a data controller (such as ourselves or an insurance company whom we are supporting) or

(c)) you are being told by a data controller that a decision has been taken solely on automated processing.

However, if you are not happy with the result of an automated decision, you can request human intervention, express your own views, and/or contest the automated decision by writing (but please put ‘Automated Decision-Making’ in the email subject line).

What Security measures we take

We have considered currently available technological and organizational tools, their costs and the nature, scope, context and purposes of the processing we are engaged in. We have implemented appropriate technical and organisational measures to

  • help prevent unlawful or unauthorised processing, accidental or unlawful destruction, damage, loss, alteration, disclosure or access to Personal Data and
  • help to ensure the security of Personal Data,

which we have received or generated ourselves.

Your legal rights

You have various legal rights in your personal data including:

  • the right of information and access to your data, including a “portable” copy of your data;
  • to request erasure and rectification of your data; and
  • to request restriction or make objection to processing of your personal data.

Responses to your requests will be provided within one month unless your request is complicated in which case, we may have to may extend the deadline for responding to three months, but we will let you know if this is the case. Generally, there is no fee for making these requests.

Responses to your requests in accordance with the applicable law. You should keep in mind that, depending on the right you want to exercise, and the type of personal data involved, there may be legal reasons why we cannot meet your request.

If you want to make a request- for example, if you want to receive a copy of the personal data which we hold about you- we suggest that you make a request in writing and include the following information with your request:

  • Your name and postal address;
  • Details of your request (it will be easier to find the information if you can be specific as to what you want from us);
  • Your signature and the date of your request;
  • If you are applying on behalf of another person, the signed original authority form that individual (a photocopy will not suffice).

We may need corroborating information to establish your identity, so when writing we suggest that you supply us with a copy of your passport or your driving licence. You should not send copies of these over the internet as it is not necessarily secure.

We ask for these details because we want to protect your personal data ( or the personal data of the person you are making the request on behalf of ) by being as sure as we reasonably can that you are not being impersonated.

How to contact us, and your right to complain to our supervisory authority

If you have any questions about this Notice, please contact our DPO.

We work conscientiously to handle your personal data responsibly. If you are unhappy with the way we are doing this, please contact our DPO, who will try to address your concerns.

However, you have a right to complain to the UK’s data protection supervisory authority;

The Information Commissioner
Information Commissioner’s Officer
Wycliffe House
Water Lane

If we change this Notice, we will let you know by publishing the updated version on our website. We aim to protect and respect your privacy, and that intention will carry on in any future changes to this Notice.

This Fair Processing Policy comes into effect on 1 November 2020 replacing our previous Fair Processing Policy. This new Policy applies to all personal data we process about you in connection with your relationship with us.

Further details can be found in our Cookie Policy, Terms and Conditions and Privacy Policy. For those who work at Charles Taylor, the Charles Taylor Privacy Policy Notice is accessible online via Compass. Our other data protection policies are available upon request.

Last updated November 2020

This site and all content are copyright © Charles Taylor Ltd

All rights reserved


Get in touch

Find out how our wide range of services can support and benefit your business.