Aguila Risk Global Data Privacy Notice
Aguila International Risk is an international insurance brokerage with offices in the UK, EU and USA. This Privacy Notice is issued on behalf of the Aguila group of companies, which we refer to when we mention “Aguila”, “we”, “us”, or “our” in this Privacy Notice.
Aguila is firmly committed to protecting the privacy and confidentiality of information that identifies or relates to an identifiable individual (“Personal Information” or “Personal Data”) that it collects, uses, discloses, stores, and transmits (processes) while providing its insurance placement, managing general underwriter, program administrator, risk advisory and management, claims management and other services (the “services”). This Privacy Notice is designed to inform you of how we collect, use, and disclose Personal Information, as well as to outline your rights.
The Aguila group company who is responsible for, or administers, it’s services to you is also responsible for processing the personal information provided to us. Please refer to the location specific privacy notice.
What does this Privacy Notice do?
This Privacy Notice (“Notice”) outlines Aguila’s information processing practices. It applies to any personal information you provide to Aguila and any personal information we collect from other sources, unless you receive a more specific privacy notice at the time of data collection. This Notice does not cover your use of any third-party websites linked from our site or any sites with their own privacy notices.
The purpose of this Notice is to help you understand our practices regarding the collection, use, and disclosure of personal data by explaining:
- Who is responsible for your information?
- How do we collect your information and what information do we collect?
- Do we collect information from children?
- How do we use your personal information?
- Legal basis
- How do we disclose your personal information?
- Do we transfer your personal information across geographies?
- How long do we retain your personal information?
- Do we have security measures in place to protect your information?
- Your information rights
- Automated Decisions
- Contact Us & Complaints
- Changes to this Notice
1. Who is responsible for your information?
The Aguila group company who is responsible for, or administers, it’s services to you is also responsible for processing the personal information provided to us. Please refer to the location specific privacy notice.
2. How do we collect your information and what information do we collect?
The personal information we collect varies depending upon the nature of the services we provide to you. This Notice provides an overview of the categories of personal information we collect and the purposes for which we use it. Additional details about the specific personal information collected for each of our services, along with the purpose and legal basis for collecting it, may be provided to you in separate privacy notices relevant to those services.
Aguila collects personal information in the following ways:
Information you provide to us
Aguila collects information directly from you when you:
- Request a service from us;
- Visit an Aguila website;
- Attend an Aguila event;
- Apply for an employment position at Aguila;
- Contact us with a complaint or query;
- Engage with us over social media; or
- Register with or use any of our websites or
You are required to provide any personal information we may reasonably require (in a form acceptable to us) to fulfill our obligations in connection with the services we provide to you, including any legal and regulatory obligations. Where you do not provide or delay in providing information, we reasonably require to fulfil these obligations, we may be unable to offer the services to you and/or we may terminate the services provided with immediate effect.
If you provide Aguila with personal information about third parties (e.g., your spouse, civil partner, children, dependents, emergency contacts, family members, or clients), you should, where appropriate, share this Notice with them beforehand or ensure they are otherwise informed about how Aguila will use their information. If you provide information about your beneficiaries, we may require you to obtain explicit consent on their behalf.
Information we automatically collect
In some instances, we automatically collect certain types of information when you visit our websites and through e-mails that we may exchange. Automated technologies may include the use of web server logs to collect IP addresses, “cookies” and web beacons. Further information about our use of cookies can be found in our Cookie Notice and Cookie Preference Center at the footer of our page (where applicable).
Information we collect from clients or third parties
In the course of providing services to our clients, we may collect personal information about you from them, including your name, contact details, date of birth, gender, marital status, financial information, and employment details. Additionally, we may collect sensitive information relevant to the services we provide, such as health information related to life, health, professional liability, and employers’ liability insurance, or employee benefit programs sponsored by your employer. Most of the personal information we receive relates to your participation in your employer’s compensation and benefits programs.
We may also obtain personal information about you from other third parties, such as insurers, underwriters, reinsurers, credit reference agencies, medical professionals, government bodies, claimants, vetting and data validation agencies, and other professional advisory service providers. This information may be gathered before and during the course of providing services to you. Where permitted by national law and appropriate to do so, we may also collect criminal records information, such as when required for business acceptance, finance, administration, recruitment, anti-money laundering, and sanctions screening processes.
The information we collect about you may include the following:
| a. | Basic personal details, such as your name, address contact details, date of birth, age, gender and marital status; |
| b. | Unique identifiers such as National Insurance Numbers or pension scheme reference number; |
| c. | Demographic details, such as information about your age, gender, race, marital status, lifestyle, and insurance requirements; |
| d. | Employment information such as role, employment status (such as full/part time, contract), salary information, employment benefits, and employment history; |
| e. | Financial details such as payment card and bank account details, details of your credit history and bankruptcy status, salary, tax code, third-party deductions, bonus payments, benefits and entitlement data, national insurance contributions details; |
| f. | Your marketing preferences; |
| g. | Online information: e.g., information about your visits to our websites; |
| h. | Events information such as information about your interest in and attendance at our events, including provision of feedback forms; |
| i. | Social media information such as interactions (e.g., likes and posts) with our social media presence; and |
| j. | Background checking information such as inclusion on a sanctions list or a public list of disqualified directors, the existence of previous or alleged criminal offences, or confirmation of clean criminal records, information in relation to politically exposed persons |
| k. | Account login credentials such as username and password, password hints and security information related to a Service we provide |
| l. | Insurable Risk information such as information necessary for us to secure insurance products/quotes, provide risk consulting services, and/or offer guidance on other insurance products/ This information may include:
|
When we collect sensitive personal information (such as details about your health or alleged criminal activities), we will ensure that it is necessary and conducted in compliance with applicable laws. This may involve obtaining your explicit consent and/or required authorizations before the collection takes place.
3. Do we collect information from children?
Our websites are not directed to children (or minors) and we do not knowingly collect personal information from children (or minors) on our websites. Children (or minors) are prohibited from using our websites.
However, certain Aguila products may require the processing of data related to children or minors, such as their date of birth, address, and other identifiable information. This data is not collected directly from children but is obtained from other sources, such as our clients, the insurer, or directly from you as the parent or guardian (e.g., when a child is named as a beneficiary on an insurance policy or pension plan).
4. How do we use your personal information?
Below is a summary of the purposes for which we use personal information. Additional details about the specific personal information collected for each of our services, including the purpose and legal basis for collecting it, may be provided in separate privacy notices relevant to the services that apply to you.
Performing services for our clients
We process personal information provided by our clients to deliver our commercial, personal risk data and analytics services. The specific purposes for processing your personal information will be defined by the details of our client engagement, as well as by relevant laws, regulatory guidance, and professional standards.
Administering our client engagements
We process personal information about our clients and the representatives of our clients in order to:
- Fulfill Aguila’s regulatory and compliance obligations, including:
- Conducting “Know Your Customer” checks and screening;
- Ensuring compliance with Anti-money laundering regulations;
- Performing sanctions screening;
- Obtaining and update credit information with appropriate third parties, such as credit reporting agencies, where transactions are made on credit;
- Communicate with our clients;
- Address client inquiries and handling complaints;
- Process insurance premiums and any mid-term policy adjustments; and
- Administering
Communications and marketing to our clients and prospective clients
We process personal information about our clients, prospective clients, and representatives of our clients in order to
- Send newsletters, know-how, promotional material and other marketing communications;
- Invite our contacts to events, including organising and managing those events.
Conducting data analytics, benchmarking and modelling
As an innovative company, Aguila uses its extensive experience from past engagements to analyse trends and develop advanced products and services. This may involve utilising this data to perform analysis, modelling, benchmarking, and research.
Crime Prevention
We process personal information to facilitate the prevention, detection and investigation of crime and the apprehension or prosecution of offenders and to comply with relevant laws and regulations. This includes conducting anti-money laundering and sanctions screening checks as part of our business acceptance, finance, administration, and recruitment processes.
Mergers and acquisitions
We process personal information in the event of a sale, acquisition or reorganisation. This includes processing personal data for planning and due diligence purposes both before and after the transaction, to facilitate the sale, acquisition, or reorganisation, and to transfer business records to successors.
Process and service improvement
We process personal data to maintain and improve processes in delivering our services and utilizing technology, including system testing and upgrades. This includes processing data to develop new services.
Other uses of personal information
If we wish to use your personal information for a purpose that differs from the one for which it was originally collected, we will seek your consent, unless the processing is necessary to fulfil our legal and regulatory obligations. In every situation, we ensure that our legal use of your personal information is balanced with your interests, rights, and freedoms in accordance with applicable laws and regulations, minimizing any unnecessary risk to your data.
5. Legal basis
We rely on the following legal grounds to collect and use your personal information:
| a. | Performance of the service contract | Where we offer services or enter into a contract with you to provide our services, we will collect and use your personal information where necessary to enable us to take steps to offer you our services, process your acceptance of the offer, and fulfil our contractual obligations to you. |
| b. | Legal and regulatory obligations | The collection and use of some aspects of your personal information is necessary to enable us to meet our legal and regulatory obligations. As a licensed and regulated entity, Aguila is required to provide some services in compliance with industry-specific regulatory rules. |
| c. | Preventing and detecting fraud | We use your personal information, including data related to criminal convictions or alleged offenses, to prevent and detect fraud, financial crime, and other crimes within the insurance and financial services sectors. |
| d. | Legitimate interests | The collection and use of some aspects of your personal information is necessary to enable us to pursue our legitimate commercial interests, such as:
|
| e. | Consent | In certain cases, we rely on your consent as a legal basis. For example, we seek your consent to collect and use special categories of personal data (such as information relating to physical or mental health). If you provide such data about other individuals such as employees, family members, dependents or clients, you must obtain their consent before disclosing it to us. We may also share this information with other insurance market participants and third parties (e.g. insurers, reinsurers, brokers) where necessary to offer, administer and manage the services provided to you. Where we rely on your consent, you are not required to provide it, and you may withdraw your consent at any time. However, if you choose not to provide information that we reasonably require, we may be unable to offer you the services and/or may terminate the services immediately. By choosing to receive services from us, you agree to the collection and use of your personal information as described in this section of the Notice. You also agree that this information may be collected and used for the purposes stated above by the insurance underwriter or insurer(s) named in your policy documentation. Please refer to the insurer’s privacy notice on their website for more details about their privacy practices.
|
Substantial public interest (in accordance with applicable law) | If permitted by applicable law, we may collect and use your information for reasons of substantial public interest, such as preventing or detecting unlawful acts or in the interest of public health. |
6. How do we disclose your personal information?
We may share your personal information with the following categories of recipients where necessary to offer, administer and manage the services provided to you:
a. | Within Aguila: We may share your information with other Aguila entities, brands, divisions, and subsidiaries for the purposes described in this Notice. |
b. | Insurance market participants: This includes insurers, insurance underwriters, reinsurers, brokers, intermediaries, and loss adjusters, as necessary to offer, administer, and manage your services. The insurance underwriter, listed in your policy documentation, is responsible for underwriting your policy. For details on their privacy practices, please refer to their privacy notice available on their website. |
c. | Vetting and risk management agencies: We may share information with credit reference, criminal record, fraud prevention, data validation and other professional advisory agencies, where necessary to prevent and detect fraud in the insurance industry and take steps to assess the risk in relation to prospective or existing insurance policies and/or services; |
d. | Legal advisers, loss adjusters, and claims investigators: We may disclose your information to legal advisors, loss adjusters, and claims investigators as needed to investigate, assert, or defend legal or insurance claims. |
e. | Medical professionals: If you provide health information in connection with an insurance claim, we may share this with relevant medical professionals. |
f. | Law enforcement bodies: Where required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request, and where necessary to facilitate the prevention or detection of crime or the apprehension or prosecution of offenders; |
g. | Public authorities, regulators and government bodies: We may share your information with government bodies, regulators, or authorities to comply with legal obligations or investigations into suspected illegal activities. |
h. | Third-party suppliers: We may outsource processing operations to third-party suppliers, such as IT service providers, telecommunications networks, and contact centers. These operations will be conducted under our control, adhering to our security standards and instructions. |
i. | Successors of the business: Where Aguila or the services are sold to, acquired by or merged with another organisation, in whole or in part, and personal information needs to be shared with relevant third parties as part of due diligence processes and transfers to the new entity. Where personal information is shared in these circumstances it will shared in accordance with this Notice. |
j. | Internal and external auditors where necessary for the conduct of company audits or to investigate complaints or security threats. |
k. | Business partners: We may share information with joint venture entities, sponsors, or other third-party business partners collaborating with Aguila on projects, events, products, or services. For details on their privacy practices, please refer to their privacy notices. |
7. Do we transfer your personal information across geographies?
We operate globally, and as such, we reserve the right to transfer your personal information to other countries for processing in line with the purposes outlined in this Statement. These transfers may be necessary to provide, administer, and manage the Services offered to you and to enhance the efficiency of our business operations. We will make every effort to ensure that these transfers comply with all applicable data privacy laws and regulations, and that your rights and freedoms are adequately protected under those laws.
If we collect personal information about you in the UK or the European Economic Area (EEA), we may transfer it to countries outside the UK or EEA for the purposes outlined in this Statement. These transfers may include countries that the European Commission (EC) and the UK data protection regulator recognize as providing adequate data privacy safeguards, as well as some countries that do not have an adequacy decision. For transfers to countries without an adequacy decision, we will implement appropriate safeguards, such as standard contractual clauses approved by the EC or UK data protection regulator. If necessary, we may also introduce additional technical, organizational, or contractual measures to ensure an adequate level of protection for your personal information. Further details about these safeguards can be provided upon request.
When we do, if the applicable law requires, we use of various legal mechanisms to help ensure your rights and protections travel with your data, such as:
Internal Transfers. We ensure transfers between Aguila entities are covered by agreements that incorporate prescribed contractual wording, such as the EU Commission’s standard contractual clauses, which contractually oblige each party to ensure that personal information receives an adequate and consistent level of protection.Transfers to Third Parties. Where we transfer to or receive your personal information from third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information, which incorporate standard contractual clauses where required.
Law Enforcement and Regulatory Requests. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information is disclosed.
8. How long do we retain your personal information?
The length of time we retain your personal information varies based on the purpose for which it was collected and the nature of the information itself. We will retain your personal information only for as long as necessary to fulfill the purposes outlined in this Notice, unless a longer retention period is allowed or mandated by law. In alignment with the Aguila Record Retention Policy, your personal information will be securely destroyed once it is no longer needed.
9. Do we have security measures in place to protect your information?
We prioritize the security of your personal information. Aguila has implemented a range of reasonable physical, technical, and administrative security measures to protect your data from loss, unauthorized access, misuse, alteration, or destruction. These measures are designed to ensure that your information is processed in compliance with applicable data privacy laws.
10. Your information rights
Subject to certain exemptions and the jurisdiction in which you live, and in some cases dependent upon the processing activity we are undertaking, you may have certain rights in relation to your personal information. We have listed some of the common rights that may be applicable to you below.
Right to Access
You have the right under certain circumstances to access and review personal information which Aguila holds about you.
Right to Rectification
You may have the right to request we correct your personal information where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure)
You have the right under certain circumstances to have your personal information erased. This is only possible if your data is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the data.
Right to Restrict Processing
You have the right under certain circumstances to request the restriction of your personal information from further use. For example where the accuracy of the information is disputed, and you request that the information not be used until its accuracy is confirmed.
Right to Data Portability
You have the right under certain circumstances to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on consent; or the performance of a contract which you are party to.
Right to Object to Processing
You have the right to object the processing of your personal information at any time. This is only possible where that processing is based our legitimate interests as its legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to Object to Automated Decision Making
You have the right to object to decisions involving the use of your personal information, which have been taken solely by automated means. For more details, see section 11 below.
Right to Object to Direct Marketing
Where your personal information is processed for direct marketing purposes, you have the right to object at any time to processing of personal data for such marketing. We will provide specific information on how to opt-out from our marketing initiatives through the medium we communicate with you (for example in the form of an “unsubscribe link”).
Right to Withdraw Consent
The right to withdraw consent at any time, whenever we have asked for your consent for processing your personal information without affecting the lawfulness of processing based on consent before its withdrawal. See section 4(e) above for further information. If you opt out please note that, we may still send you service-related communications where necessary.
When you exercise these rights, we may need to ask you for additional information to confirm your identity, before disclosing information to you or responding to your request. We will not charge a fee unless your request is manifestly unfounded or excessive and/or we are permitted by law to levy such charges.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. If we cannot fully address your request, we will contact you in a reasonable timeframe to let you know and explain the reason why your request was denied.
11. Automated Decisions
If you have any questions, would like further information about our privacy and information handling practices, would like to discuss opt-outs or withdrawing consent, or would like to make a complaint about a breach of any applicable data privacy laws or this Notice, please contact the Privacy Officer below by mail or by email at dataprivacy@aguilarisk.com or complaints@aguilarisk.com.
12. Contact Us
When you apply or register for our service, we may use an automated system to determine your eligibility. This automated assessment uses technology (e.g., computer systems) to analyze your personal information without human intervention. The process includes various checks, such as:
Credit history and bankruptcy checksValidation of your driving license and motoring convictions
Verification of your previous claims history
Other fraud prevention measures
If your application does not meet the eligibility criteria, it may be automatically declined, and you will be notified during the application process.
If a decision is made solely through automated means and involves your personal information, you have the right to challenge this decision. You can request a review of the decision with human intervention by contacting us.
Aguila International Risk Ltd | Aguila International Risk SRL |
Privacy Officer
Building 1000 Cambridge Reseach Park Beach Drive, Waterbeach, Cambridge, CB25 9DP, United Kingdom | Privacy Officer Cantersteen 47, 1000 Brussels, Belgium
|
Alternatively, you have the right to contact your local Data Protection Authority.
In the UK, you can contact:
Information Commissioner’s Office Wycliffe House, Water Kane, Wilmslow, Cheshire, SK9 5AF
+44 (0)303 123 1113
In Belgium, you can contact:
Gegevensbeschermingsautoriteit / Autorité de protection des données Drukpersstraat / Rue de la Presse 35, 1000 Brussel / Bruxelles
+32 (0)2 274 48 00
+32 (0)2 274 48 35
contact@apd-gba.be www.dataprotectionauthority.be
13. Changes to this notice
We may update this Notice from time to time to accurately reflect the way that we collect and use personal information about you. When we do, we will post the current version on this site, and we will revise the version date located at the bottom of this page.
We encourage you to periodically review this Notice so that you will be aware of our privacy practices.
This Notice was last updated on 27th August 2024.
