Privacy Notice – Howden Insurance Brokers W.L.L
In compliance with the provisions of Law No. 30 of 2018 with respect to Personal Data Protection Law of Bahrain (hereinafter PDPL),Howden Insurance Brokers W.L.L (“Howden”, “we” “us” and “our”), acting as the Data Controller, are committed to protecting your privacy. Here we explain how and why and how we process your personal data, the third parties with whom we may share your personal data, what your rights are in the event we hold your personal data, and how you can enforce these rights with us.
In this policy “Howden”, “we” and “our” means Howden Insurance Brokers (W.L.L) and its subsidiaries and associated companies.
- What information do we collect?
We collect your personal data and use it in different ways depending on your relationship with us, for example if you are a policyholder, related party or claimant, and how you have interacted with us. This can include information we receive from other third parties. Depending on your relationship with us, we may hold the following types of personal data about you
- Identity and contact data: for example, identity document, your name, date of birth, postal address, telephone number and e-mail address.
- Claims data: for example, data relating to claims made via us, or your previous claims experience.
- Payment and account data: for example, your bank account details or brokerage fees.
- Location data: for example, your postal or IP address, the location of any insured property, and in the event of a claim, where the incident occurred.
- Correspondence data: for example, copies of letters and e-mails we send you or you send to us, and notes or call recordings of any telephone conversations.
- Internet data: for example, information collected by cookies and other online technologies such as Google Analytics, as you use our website or contact us by online methods.
- Information we obtain from other sources: for example from credit agencies, anti-fraud and other financial crime prevention agencies and other data providers. This can include demographic data and interest-based data.
- Complaint data: for example, what the complaint was, how we investigated it and how we resolved it.
- What PURPOSES do we use your personal data for and what is our LEGAL BASIS?
We are required to establish a legal basis to use your personal data. We use your information for the following lawful reasons:
- To enter into or perform a contract: for example to provide you with an insurance quotation, to start, change or cancel an insurance policy, to administer the policy, to manage any claims which arise, to answer any queries you may have, action your requests or perform any debt recovery
- To comply with a legal obligation: for example the rules set by our regulators, to fulfil your data rights under data privacy laws, handle complaints about data privacy or our financial products and services, and to comply with other legal requirements such as preventing money laundering and other financial crimes
- For our legitimate business interests: for example to offer a renewal, detect and prevent fraud, for statistical analysis, to monitor and improve our business and our products and services, demonstrate compliance with applicable laws and regulations and some marketing activities. Where we rely on this lawful reason, we assess our business needs to ensure they are proportionate and do not affect your rights.
- With your consent: for example if you consent to us contacting you for marketing purposes.
- To protect vital interests: in extreme or unusual circumstances, we may need to use your information to protect your life or the lives of others.
- How and where is your information shared?
Where applicable, we may share your personal data with the following recipients when we have a valid reason to do so:
- Other Howden Group companies;
- Service Providers who help us manage our IT and back office systems, or who provide platforms to us that we then use or make available to you;
- Marketing fulfilment & customer satisfaction service providers, acting on our behalf in facilitating online events, providing marketing communications and capturing feedback on our products and services;
- Any third party where disclosure is required to comply with a contractual, legal or regulatory requirement;
- We may disclose aggregate statistics about site visitors and customers in order to describe services to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics will include no personally identifying information.
- Sharing personal data within the Howden Group
As stated above, and depending on our relationship with you and the services you may receive from us, we may share your personal data with other companies within the Howden Group. This will generally be for the following purposes:
- To receive administrative support from those companies, such as I.T. Finance, Legal, HR, Compliance or other central services;
- For promotional purposes.
We will only share the minimum amount of personal data required to achieve these purposes, ensuring that we have a lawful basis to share personal data and that any processing undertaken on our behalf (even by another Howden Group company) is governed by a suitable data sharing agreement.
- International data transfers
For legitimate business purposes, to help prevent/detect crime or where required by law or regulation, we may need to transfer your personal data to parties based outside of the Kingdom of Bahrain. Where we do this, we will ensure that your information is protected in accordance with the applicable data protection requirements.
If the data protection laws of the country that the recipient of your data is based in are not recognised as providing sufficient protection by the Kingdom of Bahrain, we will ensure that the recipient enters into a formal and enforceable legal agreement that reflects the standards required.
You can ask us for more information about the safeguards we use when sending your personal data overseas by contacting us on the details shown in the “our contact details” section of this privacy notice.
- Retaining personal data
We retain personal data to meet a number of legal and regulatory requirements, as well as our own legitimate business interests.
In most cases we will retain your personal data for seven (7) years following the end of your relationship with us. We maintain a retention schedule that gives further information on the types of information we retain, how long we hold it for and why we hold it.
We place great importance on the security of all personally identifiable information associated with our customers. We have security measures in place to protect against the loss, misuse and alteration of customer data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to user information. While we cannot ensure or guarantee that loss, misuse, or alteration of data will not occur, we use our best efforts to prevent this.
- Your data rights
Data protection law gives you rights relating to your personal data. This section gives you an overview of these rights, how they relate to the information you give us, the circumstances under which a right may not be absolute, and how you can send us a request to enforce one of these rights. We aim to provide a final response within one month of receiving a request, unless the request is particularly complex in which case we will let you know when we expect to complete it by:
Right to access
You have a right to request a copy of the personal data that we hold on you, along with meaningful information on how it is used and who we share it with. This right always applies, but there are some instances where we may not be able to provide you with some or all of the information we hold. Where this is the case we will explain to you why when we respond to your request, unless the relevant laws or regulations prevent us from doing so.
Right to rectification
You have a right to ask us to correct inaccurate or incomplete personal data that we hold about you. We will either confirm to you that this has been done, or if there is a valid reason that this cannot be done, we will let you know why.
Right to erasure
You can request that we delete your personal data in certain circumstances, for example if we no longer need the personal data for the purpose(s) for which we collected it. We will either confirm to you that this has been done, or if we are unable to delete it due to a compelling overriding reason we will let you know why and also inform you how long we will hold it for.
Right to restrict processing
You can ask us to restrict the processing of your personal data in certain circumstances. If you do so, we will either confirm to you that this has been done, or if we are unable to do so, we will inform you why.
Right to object to processing based on our legitimate interests
Where we process your personal data to achieve a legitimate business interest of ours, as opposed to where we process your personal data to fulfil a contractual obligation or to satisfy a legal obligation, you have the right to challenge this. If you do so, we will either confirm to you that the processing has stopped, or if we believe there is a valid reason for the processing to continue, we will inform you why.
Right to object to automated decision-making
You have the right to object to decisions made about you using your personal data and undertaken by purely automated means. If you do so, we will arrange for someone to assess the automated decision and confirm the outcome of this assessment to you.
Right to object to direct marketing
You can object to receive direct marketing from us, and this right is absolute. You can do this by simply clicking on the unsubscribe link in any email you receive from us or alternatively getting in touch with us.
Cookies are pieces of information that a website transfers to your hard drive to store and sometimes track information about you. Most web browsers automatically accept cookies, but if you prefer, you can change your browser to prevent that. However, you may not be able to take full advantage of a website if you do so. Cookies are specific to the server that created them and cannot be accessed by other servers, which means they cannot be used to track your movements around the web. Although they do identify a user’s computer, cookies do not personally identify users and passwords and credit card information are not stored in cookies.
- estimate our audience size and patterns;
- track preferences and to improve and update our website.
- Your acceptance of these terms
By providing us with your information you agree to its use by us in accordance with this Privacy Notice. If we change our privacy notice in any way, we will post these changes on this page. You are responsible for periodically visiting the Howden website and this privacy notice to check for any changes.
- Contact Us
Please e-mail any questions, concerns or comments you have about this policy to: [email protected] or write to us at:
Howden Insurance Brokers W.L.L
Flat 3502, Building 316
Howden Insurance Brokers W.L.L is licensed as an Insurance Broker by the Central Bank of Bahrain under company registration number 160474 & Part of the Howden Group Holdings. Registered in England & Wales under company registration number 203500. Registered address: One Creechurch Place, London EC3A 5AF.