This Fair Processing Notice tells you about processing of “personal data” by Charles Taylor.
What we hold
We may hold and process your personal data in order to provide professional services (“Services”) to clients in the global insurance industry. The Services may include
And we may also use Personal Data which is provided to us or generated by us to
When providing the Services, we may be the “data controller” of your personal data, though sometimes, in providing the Services on behalf of another party we may be operating as a “data processor.”
We may also sometimes be a joint data controller with a company.
If you do not know who the proper data controller for your personal data is, then you can contact us below, and we will check for you.
Your contact points
We are committed to processing all personal data fairly, lawfully, and transparently. To make things simpler, Charles Taylor has nominated one data controller, Charles Taylor Ltd, to handle all requests or queries you might have about our processing of your personal data.
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with data protection law. The contact details are: Emma Hancock, The Minster Building, 21 Mincing Lane, London, EC3R 7AG; email@example.com.
What types of personal data do we collect and retain, and why?
The data we hold, and process generally includes names, contact details, dates of birth, insurance policies, contracts, or claims in which you may have been or are currently involved.
It may also include special category personal data including, potentially, information about your medical history, race, ethnicity, sexual orientation, religious beliefs, trade union membership, genetic and biometric data, political opinions, and any other physical or mental health details.
This personal data is held only for the purposes of performing the Services.
Charles Taylor will almost always obtain your data from either you directly, or our clients, who include individuals, businesses, trusts, funds and insurance companies, who in turn will have obtained it from you or your employer or family member or a company close to you in relation to a contract, insurance policy or employment policy.
What are our legal bases for using your personal data?
Our lawful bases for processing personal data include:
and some aspects of our processing may fall within the “public interest” lawful basis.
Where we rely on your consent to process your personal data you can withdraw that consent at any time. To exercise these data subject rights please contact the following email address: firstname.lastname@example.org. Where the personal data is provided without it being required under a statutory or a contractual basis, there will be no adverse consequences as a result of withdrawal of consent, although it may make it more difficult to provide the same level of service as before the withdrawal of consent.
In all circumstances, however, we also rely on our legitimate interests, and those of our insurance industry clients’ or other clients’, to ensure that you, and the other people who are named under your insurance policy are properly protected by the provision of adequate insurance against the risk of misfortune. Where we rely on our legitimate interests, we will always balance them against the rights and freedoms of the people whose personal data we process. Where their rights override our legitimate interests and there are no other legal bases for processing, we will cease to process personal data.
With whom do we share your personal data?
From time to time, we may need to disclose personal data to third parties. Sometimes, these will be companies who process on our behalf and only act upon our instructions. Sometimes, these will be individuals and companies such as: consultants; doctors; experts; lawyers; and other professionals within or connected to the insurance industry.
Any organisation or business which has access to your personal data in connection with provision of our Services should be governed by contractual restrictions and/or technical limitations to ensure that they protect your personal data and meet with the appropriate data protection legislation.
Where these organisations or businesses are based outside of the EEA in a jurisdiction that has not yet been deemed adequate by the EU, we will either enter into EU approved standard contractual clauses, or we shall use one of the exemptions provided by law to permit export of personal data.
We will keep records of where your data has been sent outside of the EU and you can have access to these records if you wish. We will keep personal data in line with our Data Retention Policy, a copy of which is available on application.
Automated decision taking
There are some very limited circumstances where we, on behalf of our clients, use computer questionnaires to give you a quick decision on whether or not they can provide you with insurance cover. In some cases, this is done to generate a quote based on your individual circumstances, including things which may involve your Special Category Personal Data (for example, your health data). This is a form of ‘automated decision-making’, because it compares your answers against our insurance client’s criteria and makes a ‘decision’ about whether to provide cover and, at times, how much that might cost.
There may be some very limited circumstances where we, on behalf of our clients, use automated decision making to provide decisions in relation to dealing with, progressing and settling insurance claims. Such processing will not generally involve your Special Category Personal Data, but nonetheless, is a form of ‘automated decision-making’ as it assists in the decision making about the progressing and settling of insurance claims.
We will not use automatic decision making without:
(a) either your explicit consent;
(b) it being necessary for entering into, or performance of, a contract between yourself and a data controller (such as ourselves or an insurance company whom we are supporting) or
(c)) you are being told by a data controller that a decision has been taken solely on automated processing.
However, if you are not happy with the result of an automated decision, you can request human intervention, express your own views, and/or contest the automated decision by writing to:email@example.com (but please put ‘Automated Decision-Making’ in the email subject line).
What Security measures we take
We have considered currently available technological and organizational tools, their costs and the nature, scope, context and purposes of the processing we are engaged in. We have implemented appropriate technical and organisational measures to
which we have received or generated ourselves.
Your legal rights
You have various legal rights in your personal data including:
Responses to your requests will be provided within one month unless your request is complicated in which case, we may have to may extend the deadline for responding to three months, but we will let you know if this is the case. Generally, there is no fee for making these requests.
Responses to your requests in accordance with the applicable law. You should keep in mind that, depending on the right you want to exercise, and the type of personal data involved, there may be legal reasons why we cannot meet your request.
If you want to make a request- for example, if you want to receive a copy of the personal data which we hold about you- we suggest that you make a request in writing and include the following information with your request:
We may need corroborating information to establish your identity, so when writing we suggest that you supply us with a copy of your passport or your driving licence. You should not send copies of these over the internet as it is not necessarily secure.
We ask for these details because we want to protect your personal data ( or the personal data of the person you are making the request on behalf of ) by being as sure as we reasonably can that you are not being impersonated.
How to contact us, and your right to complain to our supervisory authority
If you have any questions about this Notice, please contact our DPO.
We work conscientiously to handle your personal data responsibly. If you are unhappy with the way we are doing this, please contact our DPO, who will try to address your concerns.
However, you have a right to complain to the UK’s data protection supervisory authority;
The Information Commissioner
Information Commissioner’s Officer
If we change this Notice, we will let you know by publishing the updated version on our website. We aim to protect and respect your privacy, and that intention will carry on in any future changes to this Notice.
This Fair Processing Policy comes into effect on 1 November 2020 replacing our previous Fair Processing Policy. This new Policy applies to all personal data we process about you in connection with your relationship with us.
Last updated November 2020
This site and all content are copyright © Charles Taylor Ltd
All rights reserved
Find out how our wide range of services can support and benefit your business.