“I am a small business – no one would target me”
It is true that targeted cyber-attacks are usually associated with large corporate businesses where the reward is greater; however, these attacks are typically orchestrated by organised criminal gangs or groups of sophisticated hackers.
This does not mean SMEs are safe, as there are two primary areas where you are exposed.
Low Level Hackers – They may lack the sophistication of the groups mentioned above, but they are widespread and growing rapidly, with each generation being more computer literate than the last. Their aim is to target smaller firms where IT Security is not as comprehensive, allowing easier access.
Automated Hacking Software – automated software which can transmit non-targeted viruses to an unlimited number of computers. A hugely damaging attack can cost £100s to set up but result in losses of £1,000s to businesses.
“I use the Cloud to back up data – so it is safe”
Using the Cloud to back up data has become commonplace among UK businesses and does offer an effective way of having an off-site backup. This method comes with its own risks, some of which can be substantial, as highlighted below.
Access — Keeping sensitive information with a third party has inherent risks because you are not in complete control over who has access to the data. You are also bypassing your own IT policies and support team.
Location — You will not know where in the world the data is physically being stored; this could be anywhere, even a territory where Data Protection Laws are not as established as the UK.
Storage — Your data will be stored alongside other people’s data and an encryption failure could lead to your data being unreadable.
Recovery — Is there an established process for data recovery? Is the data being replicated across multiple locations so a failure with one server does not compromise your backup?
Support — If your data is hosted abroad, the geographical separation may be prohibitive to investigations of any illegal activity relating to your data.
Liability — The liability accepted by Cloud Hosts is typically very limited, often to the value of your annual fee. A refund of your annual hosting fee would not be enough to cover the cost of a major System or Data Breach.
Responsibility — You are unable to outsource your responsibility for your customer or employee data so even if the breach is caused by your Cloud Host, you are liable for the consequences.
“I outsource my IT – they have me covered”
This is a common statement, and this section is not intended to call into question the competency of your outsourced IT professional, as they are a vital element of your Cyber Defence.
The standard scope of outsourced IT services is system security and IT Helpdesk support. Cyber Insurance is not designed to replace any IT function you outsource; it is designed to supplement your IT support at the time of a loss, giving access to the additional resource required to recover in the quickest way possible. Some examples of this are highlighted below.
24/7 Emergency Response – Most IT firms do not provide a 24-hour emergency response helpline. This is a key part of the insurance cover – an emergency response team who triage the issue and formulate the most effective incident management plan to mitigate the loss and recover.
General Resource – Your outsourced IT provider is not a dedicated resource and will have many clients to service on a daily basis, therefore it is unlikely they will have sufficient resource to dedicate to your emergency situation. The insurance cover provides access to industry experts who are managed by an appointed incident manager to work alongside your IT provider.
Cyber Crime – Unless your IT provider has been negligent, you will have no right of recovery against them for Cyber Crime losses. In addition, the standard contract conditions of IT firms will limit liability to annual fees paid, with some offering even less protection. The insurance cover includes Cyber Crime losses such as Ransomware, Phishing Email Scams & Telecoms Fraud.
Business Interruption – Although your IT provider will assist in recovering from a Cyber Attack, they will not cover the loss of profit resulting from an inability to trade or reduced efficiency. The insurance cover provides this security.
Third Party Claims, Fines & Investigations – A Cyber Attack can result in claims for breach of privacy, fines from the Data Protection Regulator and costs incurred to investigate the cause of the breach. You are unable to outsource your responsibility to your customer or employee data, so even if the breach is caused by your IT Provider, you are liable for the consequences.
Public Relations Consultancy – There is the potential for a Cyber Attack against your business to become public knowledge which may impact on people’s desire to do business with you. Your IT provider will have no expertise in handling negative publicity, however, the insurance cover provides access to an expert Crisis Management Team who will mitigate your reputational damage.
“I use Anti-Virus & Firewall software – this keeps me protected”
Although these are both essential to Cyber Security, they offer no guarantee of a successful defence. The software can only react to new threats once they are known about, and with over 400m new viruses created each year, even updating the software each day would not be enough to ensure protection.
Typically, businesses will have implemented some level of Anti-Virus & Firewall protection so, with the help of the IT Experts who form part of the insurer’s Incident Response Team, we have carefully selected advanced Cyber Security products to offer an additional level of protection and decrease the chances of a loss. This directly links to your Cyber Insurance through discounted premiums due to having more robust protections in place.
Our Company Details
CyberBee is a trading title of CCRS Brokers Limited. Correspondence Address – 15 & 16 Newton Place, Glasgow G3 7PY
Telephone – 0141 212 8820.
E-mail – firstname.lastname@example.org
Registered in Scotland Number – SC345403
Registered Office – 15 Newton Place, Glasgow, G3 7PY
Accepting Our Terms of Business
These General Terms of Business (the ‘Agreement’) set out some important information about CyberBee and the nature and scope of the services we will be providing to you.
By asking us to quote on and arrange your insurances, you are providing your informed agreement to these CyberBee General Terms of Business. We would draw your particular attention to the section headed Processing of Personal Data, specifically the paragraph explaining how ‘sensitive personal data’ will be used and the section titled Credit Checks.
For your own benefit and protection, you should read these terms carefully. If you are unsure about any aspect of these General Terms of Business or have any questions regarding our relationship with you, please contact us at the address above.
The Financial Conduct Authority (FCA)
CCRS Brokers Limited is authorised and regulated by the Financial Conduct Authority. Our Financial Services Register reference number is 487406. Our permitted business is introducing, advising, arranging, dealing as agent, assisting in the administration and performance of general insurance contracts and credit broking in relation to insurance instalment facilities. You may check this information on the Financial Services Register by visiting the FCA’s website, https://register.fca.org.uk/, and/or by contacting the FCA on 0800 111 6768.
The capacity in which we act for you
In providing our service we act on your behalf and also act as agent of the insurer in providing a quotation, arranging cover and issuing the policy documentation.
Helping you decide
We source and arrange products but do not offer advice or make recommendations when providing a quotation or arranging your insurance. However, we may ask some questions to narrow down the selection of products on which we will provide details; you will then need to make your own choice about how to proceed.
Our product range and the range of insurers used
We only offer one type of insurance policy cover which is Cyber Insurance. We only offer cover from a limited panel of two insurers. The insurers we use are Chubb European Group Limited, whose registered address is 100 Leadenhall Street, London EC3A 3BP and CNA Insurance Company Limited, whose registered address is 20 Fenchurch Street, London, EC3M 3BY. Only one quote from one of these insurers will be provided. The insurer selected by us will be dependent on the material facts and risk information provided. We will not in any circumstance guarantee the solvency of any insurer.
Complaints and Compensation
We aim to provide you with extraordinary service at all times but, if you are not satisfied, please contact us using the information shown in the Our Company Details section above.
When dealing with your complaint we will follow our complaint handling procedures (a summary of which is available on request). If you are still not satisfied you may be entitled to refer the matter to the Financial Ombudsman Service (FOS) except in the case of a business employing 10 persons or more and with a turnover or annual balance sheet total exceeding €2 million, a charity with an annual income of £1 million or more or trustees of a trust with a net asset value of £1 million or more. For further information you can visit the FOS website at www.financial-ombudsman.org.uk or contact them on 0800 023 4567.
We are covered by the Financial Services Compensation Scheme (FSCS) for our insurance mediation activities. You may be entitled to compensation from the scheme if we cannot meet our obligations. This depends on the type of business and the circumstances of the claim. If you are eligible to claim from the FSCS, compensation is available as follows:
For further information you can visit the FSCS website at www.fscs.org.uk or contact them on 0800 678 1100.
Payment For Services
We receive commission from the insurers. In respect of premium refunds we will retain the commission element of this unless we have specifically agreed to the contrary. You are entitled, at any time, to request information regarding any commission which we may have received as a result of placing your insurance business. We also draw your attention to the sections headed Cancellation of Insurances and Ending Your Relationship With Us.
Unless specifically agreed by us in writing to the contrary all payments due to us are to be paid in full immediately on receipt of our invoice.
Our financial arrangement with the insurer is on a ‘Risk Transfer’ basis. This means we act as agents of the insurer in collecting premiums and handling refunds due to clients. In these circumstances such monies, once received by us, are deemed to be held by the insurer(s) with which your insurance is arranged. However, if Risk Transfer does not apply, such monies will be held by us in a Statutory Trust account set up in accordance with FCA rules. Interest earned on monies held in such a Statutory Trust account will be retained by us.
Cancellation of Insurances
You should make any request for the cancellation of a policy in writing. The terms of your policy may allow insurers to retain the premium in full or to charge short period premiums in the event of a cancellation before the policy expires.
Ending Your Relationship with Us
Subject to your immediate settlement of any outstanding premiums and fees, you may instruct us to stop acting for you and we will not impose a penalty unless there is a specific separate contractual agreement to the contrary. Your instructions must be given in writing and will take effect from the date of receipt.
In circumstances where we feel we cannot continue providing services to you we will give you a minimum of 7 days’ notice. Valid reasons may include, but are not limited to, non-payment of premium or fees, commission clawback by insurers where instructions are given to another party to handle your insurance(s), failure to provide requested documentation or information, deliberate failure to comply with terms set out within the CyberBee General Terms of Business or insurer’s documentation, deliberate misrepresentation or non-disclosure or attempted fraud, use of threatening or abusive behaviour or language, or intimidation or bullying of our staff or suppliers.
Your Responsibilities and Duty of Disclosure
There is a continuing duty for you to disclose all material facts when seeking insurance and to disclose any changes in material facts when renewing and/or during the lifetime of the policy. This includes any changes that may occur between receiving our quotation and placement or renewal of policies. Failure to do so will render the insurance void or voidable.
A material fact is information which would affect the judgement of a prudent insurer in deciding whether to take the risk and, if so, on what terms. If you are in doubt as to whether to disclose certain information, our advice is to do so.
Under The Insurance Act 2015 a duty of fair representation applies to you. A fair representation requires clear and accessible disclosure, without material misrepresentation, of every material circumstance which you know or ought to know, or sufficient information to put a prudent insurer on notice that it needs to make further enquiries to reveal those material circumstances.
You are therefore required to actively disclose information which is the knowledge of senior management, the knowledge of persons responsible for arranging and administering your insurances and information which would be revealed by a reasonable search. The information must be presented in a way which would be reasonably clear and accessible to a prudent insurer.
Failure to provide the ‘fair representation’ may result in a number of remedies by the insurer. If the breach was deliberate or reckless the insurer can void the contract and keep the premium. If the breach was not deliberate or reckless the insurer can apply whichever remedy is relevant to the way they would have acted if the breach had not occurred. This could include rendering the insurance void, proportionately reducing a claim settlement or amending the insurance policy terms and conditions then reviewing the merits of a claim on this basis.
If you are in doubt as to whether to disclose certain information, our advice is to do so. You must inform us immediately of any changes in circumstances which may affect the services provided by us or the cover provided by your policy. If you are unsure about any matter please contact us for guidance.
You must check all details on any Proposal Form, Statement of Facts or similar document and pay particular attention to any declaration you may be asked to sign. All information contained on such documents is your responsibility.
It is important that you read all insurance documents issued to you and ensure you are aware of the cover, limits and other terms which apply. Particular attention must be paid to any warranties and/or conditions as failure to comply with them could invalidate your policy or result in a claim not being fully paid. If you do not understand any aspect of the insurance documents please contact us for guidance.
Processing of Personal Data
In your dealings with us you may provide us with information which may include data that is known as personal data. Where we process personal data we comply with statutory data processing requirements as set out by the Data Protection Act 2018. The personal data we will collect will include information relating to your name, address, gender, date of birth, contact details, personal circumstances relevant to material facts disclosure and underwriting information, health, sexual orientation and/or criminal offences.
We will process your personal data to allow us to provide you with our services as your insurance broker in arranging and administering your insurances and services ancillary to your insurances (including arranging insurance premium finance where applicable). Your personal data will also be used to manage future communications between ourselves. Your personal data will be used to provide you with further information about our wider products and services. You can opt out from receiving such communications by e-mailing email@example.com.
In processing personal data for insurance purposes about health, sexual orientation or criminal offences, we will only do so to enable us to provide our service to you and on the basis of it being in the public interest.
We will only use your data for the purpose for which it was collected. We will only grant access to or share your data within CCRS Brokers Limited, with other authorised third parties and product or service providers (such as insurers, providers of services ancillary to your insurances and insurance premium finance providers) where we are entitled to do so by law under lawful data processing.
The Data Protection Act 2018 provides you with Access Rights that allow you to gain an understanding of the data being processed, who we share it with, for what purpose, why we need to retain it and retention periods, to object to the processing and to place restrictions on the processing, to request copies of your data and to request the deletion of your data.
If you require further information on how we process your data or you wish to exercise your rights, please contact our Compliance Manager by emailing firstname.lastname@example.org or by writing to CCRS Brokers Limited, 15 & 16 Newton Place, Glasgow G3 7PY or by telephoning 0141 212 8820. How we process your personal data is detailed further within our Privacy Notice which can be found at https://www.thecyberbee.com/faqs/. The Privacy Notice may be amended at any time. You should regularly check this Privacy Notice for updates.
We and other firms involved in arranging your insurance may use public and personal data from a variety of sources including credit reference agencies and other organisations. The information is used to help tailor a price, to ascertain the most appropriate payment options for you and to help prevent fraud. Any credit reference search will appear on your credit report whether or not your application proceeds. If you have any questions about this or any other matter please do not hesitate to contact us.
We may communicate with each other by electronic means, including electronic mail (sometimes attaching further electronic data), social media services and online portals, where we have each expressed a wish for that to happen. By consenting to this method of communication we and you accept the inherent risks (including the security risks of interception of or unauthorised access to such communications, the risks of corruption of such communications and the risks of viruses or other harmful devices). Notwithstanding that we and you have reasonable virus checking procedures on our system, you will be responsible for virus checking all electronic communications sent to or provided to you. You will also be responsible for checking that messages received are complete. In the event of a dispute neither of us will challenge the legal evidential standing of an electronic document.
Conflicts of Interest
Occasions can arise where we, clients or product providers, may have a conflict of interest with business being transacted by you. If this happens, and we become aware that a potential conflict exists, we will write to you and obtain your consent before we carry out your instructions and we will detail the steps we will take to ensure fair treatment.
Claims Handling Arrangements
You should take note of the required procedures in the event of a claim, which will be explained in the policy documentation. Generally, insurers require immediate notification of a claim, incident or circumstances which might lead to a claim. All claims must be notified directly to the insurer as stated in the policy documentation you are provided with. We will not act on your behalf in respect of any claim and do not provide any claims handling service and do not collect claims payments.
Limitation of Liability
If we provide any services and/or carry out any work which falls outwith the scope of this CyberBee General Terms of Business our financial liability to you for any disputes, acts, errors or omissions will be limited to no more than £5,000,000.
Third Party Rights
Unless otherwise agreed between us in writing no term of this Agreement is enforceable under the Contracts (Rights of Third Parties) Act 1999.
This CyberBee General Terms of Business, which sets out the terms of our relationship with you, will be governed by and construed in accordance with Scottish Law and any dispute arising under it shall be subject to the exclusive jurisdiction of the Scottish courts.
CyberBee, Bee2Bee and Bee2Bee Hive are trading titles of CCRS Brokers Limited. We, CCRS Brokers Limited, (also referred to as “we”, “us”, or “our”) are a registered company in Scotland (Company Number SC345403). Our registered address is 15 Newton Place, Glasgow G3 7PY.
The purpose of this notice
This Notice is designed to help you understand what kind of information we collect in connection with our products and services and how we will process and use this information. In the course of providing you with products and services we will collect and process information that is commonly known as personal data.
This Notice describes how we collect, use, share, retain and safeguard personal data.
This Notice sets out your individual rights; we explain these later in the Notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
What is personal data?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, their gender, contact details, salutation, job title, preferences and interests.
Personal data may contain information which is known as special categories of personal data. This may be information relating to an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life or sexual orientation.
Personal data may also contain data relating to criminal convictions and offences. For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where we are legally required to comply with specific data processing requirements.
Personal data we collect
In order for us to quote for, arrange and administer insurance and services ancillary to your insurances (and in arranging insurance premium finance where applicable) for you we will collect and process personal data about you. We will also collect your personal data where you request information about our services, events, promotions and campaigns as well as when you participate in a customer survey.
We may also need to collect personal data relating to others in order to quote for, arrange and administer insurance (and services ancillary to insurance). In most circumstances, you will provide us with this information. Where you disclose the personal data of others, you must ensure you are entitled to do so.
You may provide us with personal data when completing online quote or contact forms, when contact is made via the telephone, text, picture or video messaging, participating in online chats, via social media messaging, when creating or amending user account and log in details for online services, during meetings, risk audits or surveys (whether face to face or remote), participating in customer surveys, when writing to us directly or where we provide you with paper or electronic based forms for completion or we complete a form in conjunction with you.
We may also collect personal data from publicly available sources in order to quote for, arrange and administer insurance (and services ancillary to insurance). Examples may include Companies House, Health and Safety Executive, HM Treasury List of Consolidated Targets, information from your website and information on social media platforms.
We will share your personal data within CCRS Brokers Limited and with business partners. This is normal practice within the insurance industry where it is necessary to share information in order to place, quantify and underwrite risks, to assess overall risk exposure and to process claims. It is also necessary to determine the premium payable and to administer our business.
We also share personal data with authorised third parties; this is necessary where we are required to do so by law, where we need to administer our business, to quote for, source, place and administer your insurances and services ancillary to your insurances (for example, insurance premium finance), to perform underwriting activities and to process claims. Some examples are as follows:
We will collect your personal data when you visit our websites, where we will collect your unique online electronic identifier; this is commonly known as an IP address.
We will also collect electronic personal data when you first visit our website where we will place a small text file that is commonly known as a cookie on your computer. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes, and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our websites in order to tailor them to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We may record your communications with us when contacting our complaints and other customer focused functions.
Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller. Where we use third parties to process your data, these parties are known as processors of your personal data. Where there are other parties involved in underwriting or administering your insurance (and services ancillary to insurance) they may also process your data in which circumstance we will be a joint data controller of your personal data.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
As a provider of insurance services, we will process the following categories of data:
If you object to the collection, sharing and use of your personal data we may be unable to provide you with our products and services.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
If you require more information about our insurance processes or further details on how we collect personal data and with whom we share data, please contact our Compliance Manager by e-mailing email@example.com or by writing to CCRS Brokers Limited, 15 & 16 Newton Place, Glasgow G3 7PY.
Links to other websites
Our websites may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site(s), you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Why do we need your personal data?
We will use your personal data for the performance of our contract with you, to quote for and provide you with insurance products and services, to process claims and renewals, to administer your policy and our business, to respond to any requests from you about services we provide and to process complaints. We will also use your personal data to manage your account, perform statistical analysis on the data we collect, for financial planning and business forecasting purposes and to develop new and market existing products and services.
We will use the special category and criminal conviction data we collect about you for the performance of our contract with you and/or which is deemed to be necessary for reasons of substantial public interest. This allows us to quote for and provide you with insurance products and services (and services ancillary to insurance), to process claims and renewals and to administer your policy (and ancillary services).
In purchasing our products and services you should understand that you are forming a contract with us. If you contact us for a quote or request details on the services we provide, we consider ourselves as having a legitimate business interest to provide you with further information about our services.
In some situations we may request your consent to market our products and services to you, to share your data or to transfer your data outside the European Economic Area. Where we require consent, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time by contacting our Compliance Manager by e-mailing firstname.lastname@example.org or by writing to CCRS Brokers Limited, 15 & 16 Newton Place, Glasgow G3 7PY.
Where you have requested a quote (or have otherwise contacted us for details of our products and services), we will retain your personal data for 10 years. Where you make a complaint we will retain the data for 10 years. Where you or law enforcement agencies inform us about any active investigation or potential criminal prosecution, we will comply with legal requirements when retaining this data.
The duration we will retain your personal data at the end of any contractual agreement will be dependent on the nature of the insurance cover arranged or ancillary service provided. For classes of insurance cover which could result in injury, illness or disease claims being made at a future date, we will retain your personal data for a period of 40 years. For classes of insurance cover which could allege responsibility for losses as a result of past actions, errors, omissions or legal liability, we will retain your personal data for a period of 40 years. For other classes of insurance and for ancillary services provided we will retain your personal data for a period of 10 years.
Where you have submitted a claim (or a third party has submitted a claim under your insurance policy or an incident or circumstance which may give rise to a claim is reported), the duration we will retain your personal data at the end of any contractual agreement will be dependent on the nature of the claim. Where a claim involves (or is alleged to involve or could involve) an individual being injured and/or suffering an illness or disease (physical, physiological and/or psychological), we will retain your personal data for 40 years. Where a claim relates to marine losses where there may be future salvage we will retain your personal data for 80 years. For other types of claim we will retain your personal data for a period of 10 years.
We will retain special category and criminal conviction data at the end of any contractual agreement for a period of 10 years unless this is in the context of a class of insurance cover or claim type as referenced above in which case we will retain the data for the same time period as stated above.
The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests and product development and marketing purposes.
Sometimes we may need to retain your data for longer, for example if we are representing you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future claim may occur.
We do not use automated decision making services, tools and/or techniques to check for customer suitability to our products or services; however, authorised third parties we share personal data with may do so (for example to check against an insurer’s acceptable risk criteria or a premium finance provider carrying out a credit search to check an individual’s solvency and credit rating). We will (and authorised third parties may) analyse data to identify products and services which customers may be interested in. This is commonly known as profiling. You have the right to object to the use of profiling activities and the use of automated decision making services, tools and/or techniques.
Please contact our Compliance Manager by e-mailing email@example.com or by writing to CCRS Brokers Limited, 15 & 16 Newton Place, Glasgow G3 7PY or by telephoning 0141 212 8820 if you object to, or have any questions relating to, the use of your data or the retention of your personal data. You can opt out of receiving marketing services by e-mailing firstname.lastname@example.org.
International transfers of personal data
While CCRS Brokers Limited are solely based in the United Kingdom we utilise the services of specialist IT service providers to process and store data. By their nature, such specialist IT service providers are likely to have international operations with data stored in a jurisdiction which may be outside of the United Kingdom and/or outside of the European Economic Area. Authorised third parties with whom we share data may themselves transfer this outside of the United Kingdom and/or outside of the European Economic Area (for example, many insurers have operations and/or outsourcing arrangements based outside of the European Economic Area where data could be held and processed). This international transfer of personal data is necessary for the purposes of administering our business and underwriting and claims processing purposes. Such parties are not permitted to use your personal data for any other purpose than for what has been agreed with us. These parties are also required to safeguard your personal data through the use of appropriate technical and organisational data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorisation, or unless as required by law.
Please contact our Compliance Manager by e-mailing email@example.com or by writing to CCRS Brokers Limited, 15 & 16 Newton Place, Glasgow G3 7PY or by telephoning 0141 212 8820 for a list of countries and organisations your personal data is transferred to and/or for further information on the measures undertaken to safeguard your data.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.
These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
Individuals can exercise their Individual Rights at any time. As mandated by law we will not charge a fee to process these requests; however, if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations we may be unable to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters.
The flow of data within the insurance sector is complex and we ask you to keep this in mind when exercising your ‘rights of access’ to your information. Where we may be reliant on other organisations to help satisfy your request this may impact on timescales.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact our Compliance Manager by e-mailing firstname.lastname@example.org or by writing to CCRS Brokers Limited, 15 & 16 Newton Place, Glasgow G3 7PY.
Protecting your data
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within CCRS Brokers Limited and authorised third parties.
Data Privacy Representative
To ensure data privacy and protection has appropriate focus within our organisation we have a Data Privacy Representative who reports to our senior management team. The Data Privacy Representative’s contact details are as follows:
The Compliance Manager
CCRS Brokers Limited
15 & 16 Newton Place
Telephone – 0141 212 8820
E-mail – email@example.com
If you are dissatisfied with any aspect of the way in which we process your personal data please contact our Compliance Manager by e-mailing firstname.lastname@example.org or by writing to CCRS Brokers Limited, 15 & 16 Newton Place, Glasgow G3 7PY or by telephoning 0141 212 8820. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their telephone helpline on 0303 123 1113.
Changes to this Privacy Notice
We may amend this Privacy Notice from time to time, for example, to keep it up to date or to comply with legal requirements. You should regularly check this Privacy Notice for updates. If any significant changes are made to the use of your personal information in a manner different from that stated at the time of collection, we will notify you by posting a notice on our websites.
How to contact us
If you have any questions regarding this Privacy Notice, the use of your data or your Individual Rights please contact our Compliance Manager by e-mailing email@example.com or by writing to CCRS Brokers Limited, 15 & 16 Newton Place, Glasgow G3 7PY or by telephoning 0141 212 8820.
The General Data Protection Regulation is new EU legislation that is coming into effect on 25th May 2018 and will have a significant impact on data protection laws. The UK government’s new Data Protection Bill will implement the majority of GDPR and will be enforced by the Information Commissioner’s Office.
The main aim of GDPR is to provide greater protection and rights to individuals, and it changes how personal data can be used.
This will directly affect all organisations that are either ‘controllers’ or ‘processors’ of personal data – so effectively all businesses!
Controller – an entity that decides the purpose and manner in which personal data is used
Processor – the group that processes the data on behalf of the controllers, which includes obtaining, recording, adapting or holding personal data
Personal Data – any piece of information that can be used to identify a person; this encompasses an extensive range of types of data, including IP addresses
In short, the GDPR:
Effectively, this means increased accountability and compliance. This will involve:
Critically, GDPR also enforces mandatory notification to the ICO within 72 hours of discovery of any system breach which could have a detrimental impact on the data subject. If the breach is likely to pose a high risk to the rights and freedoms of the data subjects affected, you will also have to notify those data subjects directly.
The GDPR gives the ICO the power to impose fines on businesses that do not comply with the new regulations including:
The size of potential fines can vary; however, serious failures can result in fines of up to €20M or 4% of an organisation’s global turnover (whichever is greater). In addition, there will be significant hidden costs associated with the reputational damage should a breach trigger the requirement to notify the data subjects themselves!