Austria
Belgium
Denmark
Estonia
Finland
France
Germany
Greece
Iceland
Ireland
Italy
Liechtenstein
Netherland
Norway
Poland
Portugal
Spain
Sweden
Switzerland
Turkey
United Kingdom
Australia
Fiji
Hong Kong
India
New Zealand
Indonesia
Japan
Malaysia
Philippines
Singapore
Thailand
Brazil
Chile
Colombia
Mexico
Peru
USA
Bahrain
Israel
Morocco
Oman
UAE
Saudi Arabia
Tanzania
Channel Islands Privacy Notice
1. Introduction
At Howden Channel Islands Insurance Brokers (Guernsey) Limited and Howden Channel Islands Insurance Brokers (Jersey) Limited ("Howden Channel Islands”, “we", "us", "our"), we need to collect and process personal data from or about individuals (“you”, “your”) in order to provide our services. This Privacy Notice applies to you in the event that we have collected personal data from or about you in our role as a data controller. It explains when, why and how we collect and process your personal data, the third parties with which we may share your personal data, what your rights are in the event we hold your personal data, and how you can enforce these rights.
We may amend this Privacy Notice from time to time in order to reflect any changes in how we process personal data, or to satisfy any new requirements under applicable data protection laws. If we make any significant changes, we will let you know directly.
This version of the Privacy Notice was published in March 2026.
2. Definitions
To be clear on what we mean in this Privacy Notice:
- “personal data” is any information that can be used to identify a living individual;
- “sensitive personal data” is personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, health data, sex life or sexual orientation;
- “data controller” means an organisation that decides how and why to collect personal data;
- “the Howden Group” is Howden Group Holdings Limited and any company or organisation in which Howden Group Holdings Limited holds significant share capital. You can find out more information about the other companies in the Howden Group by visiting www.howdengroupholdings.com; and
“third-party” is someone who isn’t you, us, or a company in the Howden Group.
3. Who does this Privacy Notice relate to?
This Privacy Notice relates to the following types of individuals, where we hold your personal data:
- Individuals who are prospective, current or former clients, including their representatives, for example those with power of attorney;
- Other individuals named on policies, joint policy holders or beneficiaries;
- Employees of our corporate clients who we liaise with, or who are named on a policy;
- Individuals who we liaise with at insurers, managing general agents and other market participants;
- Members of a trade or professional association;
- Individuals who contact us with a query, concern or complaint;
- Individuals whose personal data we may have obtained from publicly available sources, for example in connection with us undertaking background checks on our potential clients; and
- Individuals who solicit us for a quote, or who we solicit for marketing purposes.
4. Who are we?
Howden Channel Islands Insurance Brokers (Guernsey) Limited is regulated by the Guernsey Financial Services Commission (GFSC) and is registered with the Office of the Data Protection Authority (ODPA) under reference number DPA7316. Howden Channel Islands Insurance Brokers (Jersey) Limited is regulated by the Jersey Financial Services Commission (JFSC) and is registered with the Jersey Office of the Information Commissioner (JOIC) under reference number 16156. Our Data Protection team can be contacted using the contact details set out under Section 14.
5. When and how we collect personal data
We may collect personal data from, or about, you at different times and through different channels depending on our relationship with you, for example if:
- You request a quotation from us, either directly or via an intermediary;
- You purchase, change or cancel a policy that has been arranged through us;
- You are covered under, or named on, a policy that has been taken out by your employer;
- We receive notification of a claim that you bring against one of our policyholders;
- You are a client of a business that we acquire;
- You contact us in writing or speak to us on the phone;
- You visit one of our stands at a show or trade fair;
- You give permission to other companies to share your information with us;
- Your information is publicly available and we have a legitimate reasons to use it; or
- We are provided with your personal data by third parties such as anti-fraud and crime-prevention agencies, credit reference and vetting agencies, and other data providers.
6.What personal data do we collect?
Depending on your relationship with us, we may hold the following types of personal data about you:
- Identity and contact data: for example, your name, gender, date of birth, postal address, job title, telephone number, e-mail address, passport number or driving licence number;
- Policy and claims information: for example, your policy number, details of your cover, premiums due, relationship to the policyholder (if applicable) and previous claims history;
- Payment and account data: for example, your bank account details and credit/debit card details where you are the payer of a premium;
- Location data: for example, your residential, work or IP address, the location of any insured item or property, and in the event of a claim, where the incident occurred;
- Correspondence data: for example, copies of letters and e-mails we send you or you send to us, and notes or call recordings of any telephone conversations;
- Information we obtain from other sources: including credit agencies, anti-fraud and other financial crime prevention agencies;
- Complaint data: for example, what the complaint was, how we investigated it and how we resolved it, including any contact with any third-party adjudicator services;
- Internet data: for example, information such as your IP address that may be collected by cookies and other online technologies such as Google Analytics when you visit a Howden Group website, and which may in turn be made available to us; and
Sensitive personal data: for example health-related data or ethnicity data, but only in restricted circumstances as explained under Section 8.
7. The lawful ways we use personal data
We collect and process personal data for the following lawful reasons:
- To comply with a legal obligation: for example the rules set by our regulators the GFSC and the JFSC, to fulfil your data rights under data privacy laws, handle complaints about our services, and to comply with other legal requirements such as preventing money laundering and other financial crimes;
- For our legitimate business interests: for example, to arrange and administer a policy where your employer is our client, to respond to third party claimants, to verify your identity, to maintain accurate records in our systems, to monitor and improve our products and services through the use of analytics, to demonstrate compliance with applicable regulations, to undertake some marketing activities, and to facilitate internal management reporting activities across our businesses. Where we rely on this lawful reason, we assess our business needs to ensure they are proportionate and do not affect your rights. In some instances, you also have the right to object to us relying on this lawful reason (if applicable) to process your personal data. Further information on this right is provided under Section 13;
- With your consent: for example, if you consent to us contacting you for marketing purposes. You can withdraw your consent at any time (to the extent we are relying on it) by using the contact details set out under Section 14; and
- To protect vital interests: in extreme or unusual circumstances, we may need to use your information to protect your life or the lives of others.
8. The lawful ways we use sensitive personal data
We only collect sensitive personal data from or about you where:
- This is necessary for us to advise, arrange or administer an insurance policy or claim arising from one;
- This is necessary for us establish, exercise or defend a legal claim;
- We have obtained your explicit consent; or
- You have manifestly made this type of data public.
9. Who we share personal data with
Below are the categories of third parties that we may share your personal data with, but only where we have a legitimate reason to do so:
- Other Howden Group companies and our Appointed Representatives;
- Insurers, intermediaries (including, but not limited to, other insurance brokers and managing general agencies), risk management assessors, loss adjusters, loss recovery agencies and third party administrators who work with us to help manage and administer our policies;
- Credit reference, credit scoring and fraud prevention agencies;
- Debt collection agencies;
- Law enforcement, government bodies, courts, tax authorities and our regulators;
- Service providers who help us manage our IT and back office systems, or who provide platforms to us that we then use or make available to you;
- Marketing fulfilment, webinar and customer satisfaction service providers, acting on our behalf in facilitating online events, providing marketing communications and capturing feedback from our customers on our service levels;
- Any third party where disclosure is required to comply with legal or regulatory requirements;
- Potential purchasers of our businesses.
10. Sharing data within the Howden Group
As stated in Section 9, we may share personal data with other companies within the wider Howden Group for the following purposes:
- To receive administrative support from those companies, such as the receipt of IT, HR, Finance and Compliance services;
- So that these companies can provide market insight to providers on a confidential basis, but only where personal data has been aggregated or anonymised; and
- So that we can offer you services that may be available from another company in the Howden Group, but only if permitted under electronic marketing laws.
We will only share the minimum amount of personal data required to achieve these purposes, ensuring that we have a lawful basis to share personal data and that any processing undertaken on our behalf is governed by a data processing agreement.
11. International data transfers
Some of the third parties that we work with, for example insurers and our service providers, may be based outside of Guernsey or Jersey. Where we need to transfer personal data overseas to deliver our services or for other legitimate reasons (for example where legally required), and in the event the overseas country is not considered to provide an adequate level of protection by the data protection laws in the locations that we are established, then we shall ensure that a formal and enforceable set of standard contractual clauses is, or has been, entered into between us and the overseas recipient. You can ask us for more information on this by using the contact details set out under Section 14.
12. Retaining and destroying personal data
We retain personal data about you in order to provide any services that you may request from us, to meet a number of legal and regulatory record-keeping requirements, as well as to support our own legitimate business interests. In most cases we will retain your personal data for 7 years following the end of our relationship with you in order to ensure we can sufficiently handle any disputes, claims or complaints that may arise in connection with the relationship. In some cases we may need to retain your personal data for longer than this period, for example if a relevant insurance policy allows for a longer claim notification window. You can request further information on these retention periods by using the contact details set out under Section 14.
14. Your data rights
Data protection laws give you rights relating to your personal data. Should you wish to enforce a right or make a data protection complaint, please use the contact details set out under Section 14. We aim to provide a final response within one month of receiving a request, unless the request is particularly complex. Should you submit a request or complaint to us and remain unhappy with our response, you may raise a complaint directly with the ODPA (www.odpa.gg) or JOIC (www.jerseyoic.org).
| Access | You have a right to request a copy of the personal data that we hold on you, along with meaningful information on how it is used and who we share it with, however there are some instances where we may not be able to provide you with some or all of the information we hold. Where this is the case we will explain to you why when we respond to your request, unless the relevant laws or regulations prevent us from doing so. |
Rectification | You have a right to ask us to correct inaccurate or incomplete personal data that we hold about you. We will either confirm to you that this has been done, or if there is a valid reason that this cannot be done, we will let you know why. |
| Erasure | You can request that we delete your personal data in certain circumstances, for example if we no longer need the personal data for the purpose(s) for which we collected it. We will either confirm to you that this has been done, or if we are unable to delete it due to a compelling overriding reason we will let you know why. |
| Restrict processing | You can ask us to restrict the processing of your personal data in certain circumstances. If you do so, we will either confirm that this has been done, or if we are unable to do so, we will let you know why. |
| Data portability | In certain circumstances you have the right to request that your personal data be transferred to yourself or a nominated third party in a common, machine readable format. If you request this, we will either act upon your instruction and confirm to you that we have done so, or if there is a valid reason that this cannot be done, we will tell you why. |
| Object to direct marketing | You can object to receive direct marketing from us, and this right is absolute. You can do this by simply clicking on the unsubscribe link in any email you receive from us or alternatively getting in touch with us. |
| Object to our legitimate interests | Where we process your personal data to achieve a legitimate business interest of ours, for example those described under Section 7, you have the right to challenge this. If you do so, we will either confirm to you that the processing has stopped, or explain why we believe our interest in the relevant activity outweighs your interest. |
| Object to automated decision-making | If you are an insured person undertaking a credit check through a premium finance lender, we may use Automated Decision Making to determine what action to take based on the resulting credit score. You have the right to object to decisions made about you using your personal data and undertaken by purely automated means. If you do so, we will arrange for someone to assess the automated decision and confirm the outcome of this assessment to you. |
Our contact details
The primary point of contact for all issues arising from this Privacy Notice, including requests to exercise your rights or to submit a complaint, is [email protected].