At AXIS, we routinely collect and use personal information about individuals, including insured persons, claimants or business partners. We take our responsibilities to handle your personal data with care very seriously, and protecting the privacy of your personal data is of great importance to us. In this Privacy Notice, we want you to understand when, why and how we collect and use personal information about you, your rights regarding this information, the conditions under which we may disclose it to others and how we keep it secure.
Important: This Privacy Notice does not supersede the terms of any insurance policy or contract you have with AXIS, nor does it limit or affect any rights you have under applicable data protection regulations.
Who collects your personal information?
The AXIS Capital Group is a group of companies that operate in various jurisdictions around the world. The AXIS entity that originally collected information from you will be principally responsible for managing your personal information. If you have an insurance policy with us, this will be the AXIS entity named on that policy.
To find out the identity of any AXIS company that collects personal information about you as part of providing insurance coverage:
- If you purchased the policy yourself, the AXIS company or your broker (if purchased through a broker) will provide you with the details of the AXIS company.
- If your employer or other third party purchased the insurance for your benefit, contact your employer or third party to obtain details of the AXIS company.
- If your personal data is transferred to another entity (for example, a reinsurer or third-party claims administrator), contact your AXIS insurer for details on the other entity.
What type of personal information do we collect about you?
The types of personal information we collect about you depends on your relationship with AXIS.
If you are an Insured Person or Potential Insured, we collect your personal information in order to determine eligibility for, underwrite, and administer insurance policies. In some instances, we may need to collect special category (sensitive) personal information, such as information about your medical and criminal history.
If you are a claimant making a claim under an AXIS policy, we may need to collect your contact information, as well as information about your claim and previous claims. We may also need to collect special category personal information, depending on the nature of your claim.
If you are a business partner, we will collect your business contact details.
The types of personal information (including special category personal information) we collect may include, amongst others:
- Name, address, phone number, email
- Marital status
- Date and place of birth
- Government identification numbers: national insurance, social security, passport, tax, driver's license
- Family information
- Banking information
- Health information/medical history
- Criminal history
- Credit history and credit score
- Other risk, claims and policy information
Click HERE for further details on the types of information we collect.
How do we collect information about you?
If you are an insured or potential insured, we collect information from you or your representative through the policy application process. We may also collect information about you from your family members or employer, credit reference agencies, anti-fraud databases, sanctions lists, and relevant government agencies, including public registers or databases.
If you are a claimant, we will collect information about you when you notify us of a claim, or if the claim is made by someone with a close relationship to you or who otherwise has authority to make a claim on your behalf. We may also collect personal information about you from others who are involved in the claim, including lawyers, witnesses, experts, and adjusters. Finally, we may consult other public sources to validate the claim or protect against fraud or other financial crime.
If you are a business partner, we will collect information about you when you or your company provides that information to us as part of the business relationship.
Why do we collect information about you?
We may collect your personal information for the following purposes:
If you are an insured or potential insured:
- Account setup, including background checks
- Evaluating risks to be covered
- Risk modeling and underwriting
- Customer service communications
- Payments to/from individuals
- Direct marketing
- Complying with legal or regulatory obligations
If you are a claimant:
- Managing insurance or reinsurance claims
- Defending or prosecuting legal claims
- Investigating or prosecuting fraud
- Complying with legal or regulatory obligations
If you are a business partner:
- Managing our business relationship with you
Our legal basis for processing your personal information
Where we process your personal information for the purposes set out above, we generally rely on one or more of the following legal bases.
For all personal information:
- Performance of a contract – we must use your personal information to perform a contract with you – for example, to perform your insurance policy with us
- Legitimate interests – as an insurance business, we have a legitimate interest in using your personal information to provide your insurance cover, manage our business relationship with you and protect ourselves from fraud
- Legal obligation – we must use your personal information to comply with our legal or regulatory obligations – for example, in relation to carrying out background checks or reporting financial crime
For special category personal information:
- Insurance purpose – it is necessary for us to use your special category personal information for an insurance purpose
- Legal claims – it is necessary for us to use your special category personal information to establish, exercise or defend legal claims
In some instances, we may use your personal information on the basis of your express consent. Where we rely on your consent as a legal basis for processing your personal information, we will expressly inform you that we are doing so at the time that we request your consent. You do not have to give your consent and you may withdraw your consent at any time. However, if you do not give your consent, or you withdraw your consent, this may affect our ability to provide you with certain services. If you choose to withdraw your consent, we will inform you of the consequences of withdrawal.
Click HERE for further details about our legal basis for using your personal data.
Where does your personal information go?
We may need to transfer your personal information to third parties or to other AXIS group companies, to help manage our business and delivery of services to you. The third parties may include:
For insureds or potential insureds:
- Other insurers or reinsurers
- Service providers who supply back office support
- Regulators, including the Financial Conduct Authority (FCA), Information Commissioners’ Office (ICO), or Prudential Regulation Authority (PRA)
- Credit reference agencies
- Foreign law enforcement agencies
- Third-Party Administrators
- Adjusters and other claims experts
- Service providers who supply back-office support
- Outside legal counsel
- Credit reference agencies
- Foreign law enforcement agencies
Whenever it is necessary to transfer your personal information to our AXIS group companies, agents or contractors located outside of the EEA, we will take appropriate steps to ensure that such transfer adequately protects your rights and interests.
We will only transfer your personal information to countries recognized as providing an adequate level of legal protection, or where we are satisfied that protections are in place to properly protect your privacy rights.
Transfers between AXIS group companies are covered by intra-organizational agreements that provide specific requirements designed to ensure your personal information receives adequate protection whenever it is transferred within AXIS.
Transfers to our service providers and business partners are protected by contractual agreements that also require an adequate level of data protection.
You have certain rights in relation to how AXIS collects and uses your personal information. To exercise any of these rights, please contact us as set forth below. Your rights include:
Right to Access – you may:
- confirm whether we are collecting and using your personal information
- obtain a copy of your personal information from AXIS
- obtain additional information about your personal information,
- what information we have
- how we collect your information
- how we use it
- to whom we disclose it
- whether we transfer it outside the EEA, and how we protect it
- how long we keep it
- your rights
- how you can make a complaint
Right to Rectify – you may ask us to correct personal information that is inaccurate.
Right to Erasure – you can ask us to erase your personal information only where:
- it is no longer needed for the purposes for which it was collected
- you have withdrawn consent that you explicitly provided
- it was unlawfully processed
- you have an appropriate Right to Object (see below)
- AXIS must comply with a legal obligation to erase the personal information.
AXIS is not required to erase your personal information if continued collection and use of it is necessary:
- to comply with a legal obligation
- to establish, exercise or defend legal claims of the company or our insureds.
Right to Restrict Use – you can ask us to restrict the use of your personal data only where:
- you contest its accuracy, in order to give us the opportunity to verify and correct it
- its collection and use is unlawful, but you do not want it erased
- it is no longer needed for the purposes for which it was collected, but is still needed to establish, exercise, or defend legal claims
- you have exercised the right to object and that decision is pending.
We may continue to use your personal information where:
- you have consented to its use, and have not withdrawn that consent
- we must use it to establish, exercise, or defend legal claims
- we must use it to protect the rights of another person.
Right to Data Portability – you can ask that we provide your personal information to you in a structured, portable format, or that your personal information be directly transferred to another company, but only if our collection and use of that information:
- is based on your consent, or on the performance of a contract with you
- is carried out by automated means.
Right to Object – you can object to the collection and use of your personal information for which AXIS uses “legitimate interest” as its basis for collection, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you object, we have the opportunity to demonstrate that our legitimate interests are compelling enough to override your rights and freedoms.
Right to File Complaint – you can file a complaint with your local supervisory authority regarding our collection and use of your personal information.
International Transfers – you can ask for information on the protections under which your personal information is transferred outside of the EEA. We may redact certain portions of this information for reasons of commercial sensitivity.
Subject Access Requests Administration: the following may apply to your request regarding your personal information:
- We will respond to all valid requests within one month of receipt.
- You will generally not be charged a fee when we process your request.
- We reserve the right to charge a reasonable fee if your request is manifestly unfounded or excessive or you ask us for further copies of information already provided.
How to Contact Us
Please address all inquiries, requests, and other communications regarding your personal information or this Privacy Notice to:
Contact: Data Protection Officer
Address: 52 Lime Street, London EC3M 7AF
LAST UPDATED 17th December 2019