Privacy Policy

Malta

This data protection and privacy notice describes how Starr Europe Insurance Limited ("Starr" "we" or "us") collects and processes personal information about policyholders, beneficiaries or claimants and their agents and relatives ("you"), how we use and protect this information, and your rights in relation to this information.

This data protection and privacy notice applies to all personal information we collect or process about you in relation to the administration of insurance policies, our products and services. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.

How We Collect Personal Information

We may collect personal information from you directly and also from other sources described below (depending on the products and services you use):

  1. Broker;
  2. Coverholder;
  3. Third Party Administrator;
  4. Appointed Representative;
  5. Loss Adjuster;
  6. Master Policyholder;
  7. from an organisation we insure;
  8. from third parties such as law enforcement, anti-fraud agencies, other insurers, your solicitor or a credit reference agency;
  9. from publicly available information;
  10. as part of the purchase, sale or merger, or proposed purchase, sale or merger of new business;
  11. Information we collect automatically from you, including data collected using cookies and other device identifying technologies ('Cookies and Tracking Technologies'). Further information about our use of Cookies and Tracking Technologies is available here; or
  12. your employer.
  13. We may be required by law to collect certain personal information about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations.

    1.1 Information we collect

    The categories of information that we collect directly from you and other sources (depending on the products and services you use) may include:

    1. Contact information, such as first and last name, phone number, email address, postal and billing address or mobile number;
    2. Demographic information, such as age, gender, and marital status;
    3. Information necessary to verify your identity, such as passport, driver’s license, national insurance number, utility bill, birth certificate or marriage certificate;
    4. Family details, such as spouse, partner, joint applicant, next of kin, dependents, designated beneficiary or trustee;
    5. Financial information, such as income, expenditure, credit and bank details;
    6. Professional advisers' details, such as financial advisers, solicitors, estate agents;
    7. Employment information, such as employer’s information, length of service, salary, tax details, places and types of work carried out;
    8. Health information, such as physical, mental, family, medical history, GP details, medical reports, other medical practitioner details;
    9. Claims information, such as information about any claims concerning your insurance policy;
    10. Transactional information, such as information about your services, information relating to any of your requests, queries or complaints;
    11. Usage information, such as IP address, operating system, and date, time, and length of stay on our website); or
    12. Criminal records information.

    1.2 Special categories of personal data

    Some of the categories of information that we collect are special categories of personal data (also known as sensitive personal information). In particular, we may process data concerning health in connection with the administration of insurance policies and any claims.

    In some circumstances, we may need to collect and use this sensitive personal information and information relating to criminal convictions and offences. Where this is required, we will ensure that it is necessary and is done in accordance with applicable law, which may include obtaining your explicit consent and/or authorization prior to collection.

How We Use Your Personal Information And The Basis On Which We Use It

We collect, use, and process your personal information for the following purposes. For each purposes, we set out the legal bases that apply to the purposes for which we use your personal information.

  1. To administer your policy:
    1. identify you, assess and process applications to use our products or services;

    2. communicate to manage and administer insurance with respect to the services that we provide;

    3. manage, process, defend/prosecute and/or investigate claims;

    4. provide, improve and personalise our products and services;

    5. handle enquiries, complaints and requests;
      Legal bases for above purpose: to fulfil our contractual obligations, legitimate interests (in order to allow us to perform our obligations and provide our services to you).

  2. To comply with the legal obligations to which we are subject and cooperate with regulators and law enforcement bodies. Legal bases for above purpose: to comply with our legal obligations, legitimate interest (to comply with our legal obligation and cooperate with law enforcement and regulatory authorities), exercise of legal claims.

  3. To maintain our service quality and improve our products and services. Legal bases for above purpose: legitimate interest (in order to allow us to improve our services).

  4. exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, money laundering, sanctions or other violations of law. Legal bases for above purpose: to comply with our legal obligations, legitimate interest (in order to comply with our legal obligations and for the purposes of preventing and detecting crime/fraud), exercise of legal claims.

  5. corporate reporting. Legal bases for above purpose: to comply with our legal bases, legitimate interest (in order to allow us to improve our service and change our business (as applicable)).

  6. To provide you with information about our products and services, including personalized communications to present products and offer tailored to your interests and eligibility. Legal bases for above purpose: legitimate interests (in order to allow us to market to you) or consent (where this is required by law).

When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.

When we process personal information based on your consent, you may withdraw your consent at any time by contacting us using the details at the end of this privacy notice.

Your Rights Over Your Personal Information

You have certain rights regarding your personal information, subject to local law. These include the following rights to:

  • access your personal information;
  • rectify the information we hold about you;
  • delete your personal information;
  • restrict our use of your personal information;
  • object to our use of your personal information;
  • receive your personal information in a usable electronic format and transmit it to a third party (right to data portability); and
  • lodge a complaint with your local data protection authority.

If you would like to discuss or exercise such rights, please contact us at the details below.

We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.

We will contact you if we need additional information from you in order to honour your requests. We will verify your identity in connection with any requests regarding your personal information and take steps designed to ensure that only you, or your authorized representative(s), exercise rights with respect to such information. If you are an authorized agent making a request, we may require and request additional information to verify you are authorized to make the request.

Automated Decisions About You

We may make automated decisions about you where such decisions are required or authorized by law, for example for sanctions screening, fraud prevention and money laundering purposes.

Subject to local legal requirements and limitations, you can contact us to request further information about automated decision-making, object to our use of automated decision-making, or request an automated decision to be reviewed by a human being.

Information Sharing

We may share your personal information with third parties under the following circumstances:

  • Service providers and business partners. We may share your personal information with our service providers and business partners that perform policy administration services and other business operations for us. For example, we may partner with other companies to provide customer service administration, IT systems and software, process secure payments, optimise our products and services, support email and messaging services and analyse information.
  • Law enforcement agency, court, regulator, government authority or other third party. We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
  • Other insurers and reinsurers who help us manage our risk.
  • Professional Advisers. For example, legal advisers, accountants and consultants.
  • Others. We may share your personal information with anyone you ask us to share your information with e.g. your solicitor, claims management provider or complaints handler.
  • Asset purchasers. We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy notice.
Information Security And Storage

We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.

We will retain your personal information for a period of time that enables us to:

  • Maintain business records for analysis and/or audit purposes;
  • Comply with record retention requirements under the law;
  • Defend or bring any existing or potential legal claims;
  • Deal with any complaints regarding the services; and
  • any other purposes for which personal information will be retained.

We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

International Data Transfer

Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law or by the European Commission.

We have put in place appropriate safeguards (such as standard contractual clauses) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.

Children’s Privacy

Starr does not knowingly collect personal information from children. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or he should contact us at UKGDPR@starrcompanies.com. If we become aware that a child has provided us with personal information, we will delete such personal information from our files.

Marketing

We (or our service providers and advertising partners) may send you direct marketing communications and information about our products and services. Where required by law, we will ask for your consent at the time we collect your personal information to conduct any of these types of marketing. To the extent permitted by law, we will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt-out by contacting us as set out in the “Contact Us” section below.

Third Party Links

Our website may contain links to other websites operated by third parties. We make no representations or warranties to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third-party website. Third party websites are responsible for informing you about their own privacy practices. Please check these policies before you submit any personal information to such third-party websites.

Contact Us

If you have any questions about this Privacy Policy, any concerns or a complaint regarding the treatment of your personal information or a possible breach of your personal information, please contact us at:

Data Protection Officer
Dragonara Business Centre, 5th Floor, Dragonara Road,
St Julians, STJ 3141, Malta ukgdpr@starrcompanies.com

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to a data protection authority.

Changes to the Policy

You may request a copy of this data protection and privacy notice from us using the contact details set out above. We may modify or update this notice from time to time.

If we change this privacy notice, we will update the privacy notice on our website and, where necessary, notify you of the changes.

20 November 2024