APPLICATION OF THIS PROTOCOL
RiverStone Holdings Limited, together with other members of its group, including but not limited to RiverStone Insurance Limited, RiverStone Insurance (UK) Limited, RiverStone Management Limited and RiverStone Managing Agency Limited (together the “RiverStone Europe Group” or “we” or “us”) are committed to compliance with data protection laws. This protocol (“Privacy Protocol”) sets out the RiverStone Europe Group's personal information collection and sharing practices in relation to the personal information relating to policyholders or claimants and their agents and relatives (“you”) that we collect and use for the administration of insurance policies and products that we insure or reinsure.
This Privacy Protocol is intended to explain our privacy practices and covers the following areas:
- what personal information about you we may hold or collect;
- how we may use your personal information;
- who we may disclose your personal information to;
- how we protect your personal information;
- contacting us and your rights to access and update your personal information; and
- how changes to this Privacy Protocol will be made.
The RiverStone Europe Group's website at www.rsml.co.uk (the “Site”) contains links to other third party websites. If you follow a link to any of those third party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you provide any personal information to such third party websites.
INFORMATION WE MAY COLLECT ABOUT YOU
- We may collect and process the following personal information about you:
- information that you provide by filling in forms or uploading onto the Site;
- information including your name, address, contact details, details relating to the claim (which depending on the nature of the claim may include medical reports and reports of criminal convictions or crime) that you, your employer or organisation who we insure or a third party claimant provide to us in relation to the administration of an insurance policy that we insure or re-insure;
- information relating to any criminal or fraudulent activities provided to us by you or third parties (such as anti-fraud agencies or other insurers);
- if you contact us, we may keep a record of that correspondence or details of any conversation we may have with you; and
- details of your visits to the Site and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.
USES MADE OF YOUR PERSONAL INFORMATION
- We may use your personal information in the following ways:
- to decide whether to enter into any proposed transaction with you or your employer or organisation that we insure and to administer insurance products where you are the policyholder or a person involved in any claim, including in certain circumstances, disclosing such information to third party anti-fraud agencies for the purposes of detecting and preventing fraud and crime (as further set out in paragraph 3 below);
- to identify you and to carry out any identity checks as may be required by applicable law and regulation and best practice at any given time;
- to recover any payments due to us and where necessary to enforce such recovery through the engagement of payment collection agencies or taking other legal action (including the commencement and carrying out of legal and court proceedings);
- to analyse it in order to better understand the service we provide and in order to better understand our business;
- to notify you about changes to our services; and
- to ensure that content from our Site is presented in the most effective manner for you and for your device.
DISCLOSURES TO THIRD PARTIES
- We may also permit selected third parties and agents to use your personal information, for the purposes set out in paragraph 2 above who will be subject to obligations to process such information in compliance with the same safeguards that we deploy. Specific examples are set out in paragraphs 4.2 to 4.6 below but do not in any way limit this paragraph 3.1. All such disclosures will only be made in accordance with applicable laws, including banking secrecy laws.
- If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies or other insurers and may be recorded by us or by them.
- Law enforcement agencies may access and use this information.
- We and other organisations may also access and use this information to prevent fraud and other crimes, for example when:
- deciding whether to make a payment to you under an insurance policy;
- taking steps to recover payments due to us (as outlined in paragraph 2 above); and
- checking details of job applicants and employees.
- We, and other organisations that may access and use information recorded by fraud prevention agencies, may do so from other countries.
- In the event that the RiverStone Europe Group (or a part thereof) is (i) subject to negotiations for the transfer of business or (ii) is transferred to another party or undergoes a re-organisation, you agree that any of your personal information which it holds may be disclosed to such party (or its advisors) as part of any due diligence process or transferred to that re-organised entity or third party and used for the same purposes or for the purpose of analysing any proposed sale or re-organisation.
- We may disclose your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or in order to enable the RiverStone Europe Group to comply with its regulatory requirements or dialogue with its regulators as applicable.
TRANSMISSION, STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
- No data transmission over the internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with applicable data protection legislative requirement.
- All your information is stored on our secure servers (or secure hard copies) and accessed and used subject to our security policies and standard.
- Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at a destination outside the European Economic Area (“EEA”) in which data protection laws may be of a lower standard than in the EEA. Regardless of location or whether the person is an employee or contractor we will impose the same data protection safeguards that we deploy inside the EEA.
- We will retain your personal information for as long as is necessary for the processing purpose for which they were collected. Certain claims details and correspondence may be retained until the time limit for any legal challenges to the claims has expired or in order to comply with regulatory requirements regarding the retention of such data. Data may also be retained for or included in analysis carried out by the RiverStone Europe Group with respect to its own business.
YOUR RIGHTS AND CONTACTING US
- The Data Protection Act 1998 gives you the right to access certain personal information held about you. Your right of access can be exercised in accordance with the act. Any access request may be subject to a fee to meet our costs in providing you with details of the personal information we hold about you.
- We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us as set out in paragraph 7.2 below.
- A member company of the RiverStone Europe Group is the data controller in respect of your personal information processed by us under this Privacy Protocol. That member company has delegated the administration of its data protection duties to RiverStone Management Limited for the purposes of corresponding with individuals whose personal information the RiverStone Europe Group holds and uses.
We can be contacted in relation to your rights or any questions you may have in respect of this Privacy Protocol or our processing of your personal information at the following addresses:
Data Protection Officer
RiverStone Management Limited
161-163 Preston Road
CHANGES TO OUR PRIVACY PROTOCOL
- We may change the content of our website or services without notice, and consequently our Privacy Protocol may change at any time in the future. We therefore encourage you to review it from time to time to stay informed of how we are using personal information.