This Privacy Notice describes how Angel Risk Management Limited ("Angel", "we" or "us") collect, use, share and secure personal information when we provide our services as an insurance business. It also describes your choices regarding use, access and correction of your personal information. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.
As an insurance and reinsurance business, we need to obtain information about the individuals covered in an insurance policy, or individuals that are beneficiaries of, or have made claims under, an insurance policy, or individuals who are involved in an incident giving rise to an insurance claim. This is so that we can properly assess the risks associated with providing insurance or reinsuring a particular block of insurance policies and administer and manage our products and services. This privacy notice applies to any individual whose personal information we process in the course of providing the services (each a "data subject" or "you").
We may be required by law to collect certain personal information about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations. We will inform you at the time your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.
The type of information we may collect and process about you will depend upon the type of insurance we are offering or underwriting. It may include any of the below (where permitted by law):
From the information we collect about you, we may also derive or generate further information such as risk ratings. Some of this information is generated through profiling (see the section below on "Do we use personal information for profiling and automated decision making?").
Some of the categories of information we collect are special categories of personal information (sometimes referred to as "sensitive personal information"). These include:
We may also collect information about criminal convictions or offences where authorised by law.
We collect personal information from you directly when you voluntarily provide it to us, for instance if you submit application forms to be considered for insurance products or contact us.
We also collect your personal information from a variety of sources:
Occasionally we may collect your personal information from a third party, in particular from authorised, regulatory, public sources such as government regulators, industry self-governing bodies and other publicly available records. This will be most common when we are complying with our legal obligations regarding money laundering and other financial crimes. If appropriate, in these circumstances we will either notify you of our sources or seek your consent to their use.
We use your personal information to:
We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
If it is necessary that we process your sensitive personal information for one of the purposes listed above, we will only do so where one of the following applies:
We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, in relation to our direct marketing activities, cookies and tracking technologies or when we process sensitive personal information). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Notice.
You have certain rights regarding your personal information, subject to local law. These include the following rights to:
If you would like to discuss or exercise such rights, please contact us at the details below.
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.
We will contact you if we need additional information from you in order to honour your requests.
The way we analyse personal information for the purposes of e.g. risk assessment or fraud prevention may involve profiling, which means that we may process your personal information using software that is able to evaluate your personal aspects and predict risks or outcomes. We may also use profiling, or otherwise employ solely automated means, to make decisions about you that relate to the basis on which we provide insurance to you on behalf of other insurance companies. This is known as "automated decision-making" and is only permitted when we have a legal basis for this type of decision-making.
We may make automated decisions about you:
Subject to local legal requirements and limitations, you can contact us to request further information about automated decision-making, object to our use of automated decision-making, or request an automated decision to be reviewed by a human being.
We may share your personal information with third parties under the following circumstances:
Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the services). See the section on "International Data Transfer" below for more information.
If your insurer or prospective insurer is not an XL group company, we will not share your data with XL group's insuring entities.
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
We will keep your personal information for as long as we have a relationship with you, and for a period thereafter which is in line with XL Group's Global Records Management Policy.
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law or by the European Commission. XL Group has put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
Angel Risk Management Limited, acting on behalf of the Insurer named in the Schedule or as defined in your policy, is the controller responsible for the personal information we collect and process. Our Data Protection Officer can be contacted at: email@example.com
If you have questions or concerns regarding the way in which your personal information has been used, please contact the Data Protection Officer.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority.
The Angel website use "cookies" to help you personalise your online experience. A cookie is a text file that is placed on your hard disk by a Web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalise Angel pages, or register with Angel, a cookie helps Angel Risk Management to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Angel website, the information you previously provided can be retrieved, so you can easily use the Angel features that you customised.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Angel website.
We may use the following types of cookie on the Angel website:
More information about the cookies we may use on our websites is set out in the table below.
|Type of cookie||Name of cookie||Purpose||Source||Expires after|
|Azure||ARRAffinity||Affinity Cookies are used to aid users to stay on the particular instance that they using till they break state and then things are saved at that time.||angelriskmanagement.com||Session|
|1P_JAR||Google advertising cookie used for user tracking and ad targeting purposes||google.com||30 seconds|
|S||This cookie may collect certain information used to help improve services, including the pages users visit most often and whether users get error messages from certain pages. This cookie may also be used to anonymously measure the effectiveness of PPC (pay per click) and affiliate advertising.||google.com||Session|
|SIDCC||This cookie is a security cookie to protect a user's data from unauthorized access.||google.com||2 years|
|Google Analytics||_ga||Google Analytics - used to distinguish users||angelriskmanagement.com||2 years|
|_gat||Google Analytics - used to throttle request rate, distinguish users and for Campaign info||angelriskmanagement.com||1 minute|
|Google Maps||SID||Google set a number of cookies on any page that includes a Google Map. While we have no control over the cookies set by Google, they appear to include a mixture of pieces of information to measure the number and behaviour of Google Maps users.||google.com||2 years|
You may request a copy of this Privacy and Cookies Notice from us using the contact details set out above. We may modify or update this Privacy Notice and Cookies from time to time.
If we change this Privacy Notice and Cookies, we will notify you of the changes by a notice on this website. Where changes to this Privacy Notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).