Privacy Notice for Maiden Life & General

To work effectively we may need to share your personal information with third parties: within our corporate group of companies and with our contractors, as described below. Some of the third parties process your personal information on our behalf as our processors (in which case we remain responsible for their processing of your personal information) and others are controllers of personal information in their own right (in which case they are responsible for the processing of your personal information).

It should be noted that we shall never sell your information to a third party without your express approval.

We shall share your details with contractors and sub-contractors (including companies within the Maiden Life & General Group) in order to implement our contract with you and for other purposes which will be apparent from this privacy notice. Such contractors include suppliers of insurance administration, claim adjustment, and IT contractors. If the contractor/sub-contractor processes your personal data on behalf of Maiden Life & General as our processor, Maiden Life & General will ensure that the contractor/sub-contractor has undertaken to process your details in accordance with Maiden Life & General’s data protection policy and other regulations.

We shall also share your details with the insurance intermediary you have contact with when taking out an insurance policy and with a reinsurance company which reinsures our policies. Some of these re-insurance companies are within the Maiden Life & General Group. This applies to any information which we need to allow the insurance intermediary/reinsurance company to manage your insurance policy and our own reinsurance policy and to fulfil their undertakings in accordance with the law, the Regulation and the rules of our regulators. These entities will process your personal information as controllers in their own right, and we disclose your personal information to them in order to perform our contract with you and/or for the legitimate interests of enabling your policy to be reinsured (which are not overridden by your own interests, rights and fundamental freedoms because this enables us to provide a better service to you).

We shall also release your details to the authorities, including the Police, the Tax Service, and other authorities if we are obliged to do by law or with your consent (to the extent that we seek to obtain your consent). One example of when the law obliges us to release information is in the case of measures designed to combat money laundering and funding for terrorism. The information which is shared is subject to the authority’s data protection policy as the authority is a controller of your personal information in its own right.

Lastly, Maiden Life & General will share your details with third parties in connection with the purchase or sale of business or assets. Your details may then be shared with prospective vendors or purchasers as such sharing is the legitimate interests of the purchaser of business/assets to continue the relevant business following their acquisition, and in our legitimate interests to be able to sell our business or assets to a purchaser, these interests are not overridden by your own interests, rights and fundamental freedoms because it enables the purchaser to continue to provide you with services). In the event that Maiden Life & General or a significant part of Maiden Life & General’s business or assets should be acquired by a third party your details may then be shared with it.

Your data will be processed within the EU/EEA and/or United Kingdom. In some circumstances your details may, however, be transferred and processed in a country outside the EU/EEA and/or United Kingdom, in countries whose data protection laws do not provide the same level of protection for your personal data as the United Kingdom and EU/EEA. The country to which your personal data may be transferred is the United States (where a company within the Maiden Life & General Group who provides IT services to us is located). When we transfer your personal information outside of the EU/EEA and/or United Kingdom we are required by data protection laws to take certain steps (such as entering into approved mechanisms and conducting risk assessments) to ensure your personal information is appropriately protected.

We shall keep your personal information for only so long as it is necessary to fulfil our agreement with you and for so long as is required by law. As a principle, that means that we shall keep your personal information for the entire duration of the agreement and for a period of eleven years thereafter (corresponding to the statutory period of limitation which applies in the context of insurance). If we save your personal information for any purpose other than our agreement with you, e.g. to meet requirements in respect of accounting (seven years) or measures to combat money-laundering (five years), we shall hold on to the personal information only for so long as is necessary and/or required by law.

If we do not offer you a policy after you apply to become insured by us, or we do not conclude an agreement despite having made an offer to you, we shall delete your personal information within six months of the rejection or acceptance of your notification that do not wish to take out a policy with us.

We make use of cookies and similar technology to provide a good on-line experience which suits you. For more information about how this works, please refer to our cookie policy.

In order to comply with anti-money laundering regulations, we will use your personal data to check if you are either a politically exposed person (“PEP”) or are a relative or close associate (“RCA”) of a PEP. PEPs are individuals entrusted with prominent public functions such as heads of state, MPs, judges or ambassadors. It does not apply to local government or more junior members of the civil service. Relative would include spouse, children and their spouses, parents and siblings.

The checks may include publicly available information, reliable public registers or a commercial database designed for this purpose. If you are identified as a PEP or an RCA, we must assess the level of risk associated with you and the extent to which enhanced due diligence measures need to be carried out. The fact that you are a PEP or RCA does not exclude you from having the insurance product, it just means that additional measures need to be carried out to comply with anti-money laundering regulations.

Maiden Life Försäkrings AB (company registration number 516406-0469) and Maiden General Försäkrings AB (company registration number 516406-1003), are registered with Finansinspektionen [the Financial Supervisory Authority] and Bolagsverket [Companies Registration Office] and have offices at Styckjunkargatan 1, 114 35 Stockholm, Sweden. We comply with Swedish data protection legislation. This notice relates to our UK branches only, who are subject to UK data protection legislation. You have the right to lodge a complaint with the ICO (the UK’s data protection supervisory authority) about our UK branches’ processing of your personal information – you can find out how to do this by visiting the ICO’s website https://ico.org.uk/

If you have any questions about data protection please get in touch with us by ringing us on +44 (0)1494 687599 or send an e-mail to dataprotection@maideniis.com or a letter to us at Maiden Life & General, Artisan, Suite H2, Hillbottom Road, High Wycombe, Bucks, HP12 4HJ. You can also contact our Data Protection Officer at dataprotection@maideniis.com.