GJIS Website - Privacy Notice

GJIS (Europe) Limited

Data Protection Notice

Effective 1st February 2021

We respect your trust in us to use, store and share your information. In this notice, we explain how we collect personal information about you, how we use it and how you can interact with us about it. ‘Personal Information’ is information about you and other individuals that identifies or makes an individual identifiable.

Before providing us with Personal Information about someone else, please inform them about this Privacy Policy and (where necessary) get their permission to share their Personal Information.

We try to keep this notice as simple as possible but if you are unfamiliar with our terms, or want more detail on any of the information here, please refer and go to www.gjis.ie to view and read the full terms of Business. You may also contact us directly for more details, as required.

1. Who we are

In this notice, 'we', 'us' and 'our' refers to GJIS (Europe) Limited, a company registered in Ireland under company number 641552, including its trading name Global Jewellery Insurance Services. We are the data controller and are responsible for, and control, the processing of, your Personal Information, in accordance with the GDPR (General Data Protection Regulation) in relation to not only processing your data but to ensure you understand your rights as a customer of ours.

2. Contact us

We welcome your feedback and questions about this Policy. If you wish to contact us please email us at dataprotection@gjis.ie or call us +353 (0)1 2884961

3. How we collect information about you

When you visit our website (at https://www.gjis.ie), make an enquiry, post on our discussion forum, respond to a survey or register with us we may collect some basic information about you, such as your name, contact details and a record of any communications, for the purpose of responding to any query raised or comment made. We also collect statistical data about your browsing actions and patterns. This means information about your computer and your use of our Services, including (where available) your IP address, unique mobile device identifier (UDID), Android ID, device MAC address, browser information, operating system, timestamps, the pages that you request, applications downloaded, traffic data, location data, weblogs and other communication data, and the resources that you access. This will help us make our website work better for you. We will not use this information to identify you.

In addition, we collect Personal Information from you and other third parties (including your family, members, trade associations, your employer, credit reference agencies, anti- fraud and other databases, government agencies, and third parties to a claim (witnesses, experts, loss adjusters, legal representatives etc.), in order to provide insurance quotes, administer insurance policies and/ or deal with any claims or complaints and to provide you with access to our online services (‘Services’). The types of information we collect includes:

Personal details (including name, gender, marital status, date of birth, nationality, account login, photos or CCTV footage of your premises)
Contact details (including residential address, email address, phone number)
Identification numbers (including national insurance number, passport number)
Financial information (including, account details, payment card details, the value of assets insured)
Policy details (including details of the quotes you obtain and policies you purchase)
Credit and anti-fraud data (including credit history/ score, information from anti-fraud data bases)
Claims information (including details of previous or current claims for both related and unrelated insurance products)
Risk details (including information about you we need to collect to assess the risk to be insured and any responses to risk assessment surveys)
Communications (including a record of all correspondence (telephone conversations/ emails etc.)

In certain circumstances we may need to process special categories of data (i.e. details of your health/ physical injuries) and/ or criminal convictions (i.e. driving offences) to assess the risk to be insured and/ or process a claim. We will only process this information where necessary and on the basis of the below legal basis.

4. How we use your information

To provide our products and Services under the terms and conditions we agree between us, we need to collect and use personal information about you. If you do not provide this personal Information we may not be able to provide you with our products and Services.

In accordance with the GDPR/ Act, we may only process your Personal Information if we have a ‘legal basis’ (i.e. legally permitted reason) for doing so. For the purposes of this Policy, our legal basis for processing your Personal Information is set out in the table below.

Why we will process your Information	The legal basis for which is…
To answer your questions, respond to posts on the discussion forum, improve our website and to ensure that our website is presented in the most effective manner for you.	This is necessary for the legitimate interests we pursue in keeping our website up to date and competitive and responding to any ad-hoc enquires/ comments, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights. Where an enquiry relates to a Service (i.e. a contract of insurance) this processing may be necessary for the performance of a contract.
To arrange, underwrite and administer your contract of insurance, namely: Setting you up as a client Understanding your insurance needs to offer you an appropriate policy of insurance Evaluating risks to match you to an appropriate policy/ premium Amending your policy Client care- providing you with updates on your policy Collecting payment of premiums We may process details of your / your employee’s or agent’s home address, security and vehicles where they will carry sample stock.	This processing is necessary for the performance of a contract between us and information is processed to enable us to offer a quotation, arrange and administer a contract of insurance. Outside of such, this processing is necessary for the legitimate interests we pursue in ensuring that the policyholder is within our acceptable risk profile and to collect any monies due to us, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights and freedoms
To process any claim under or arising out of your insurance policy or our Services.	This processing is necessary for the performance of a contract between us and information is processed to enable us to provide claims services to you. Outside of such, this processing is necessary for the legitimate interests we pursue is defending or advancing a claim, subject to you raising an objection, requiring us to check that our interest is not over ridden by any risk to your rights. Further, where a claim becomes litigated this processing may be necessary to comply with our legal obligations
To analyse and create a profile for general risk modelling and underwriting (where these reports are shared with third parties your personal information (data that makes you as an individual identifiable, will be removed)	This processing is necessary for the legitimate interests we pursue to build risk models that allow acceptable risks for an appropriate premium, subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights
To comply with our legal or regulatory obligations. Including, identity and other verification checks, anti-money laundering, anti-fraud, counter-terrorist.	This processing is necessary to comply with our legal obligations.
To contact you for marketing purposes (see the marketing section below for further details)	This processing is necessary for the legitimate interest we pursue in marketing other products and services we offer subject to you raising an objection, requiring us to check that our interest is not overridden by any risk to your rights. We will not share your details with any third parties for the purpose of marketing.

In accordance with the GDPR regulations, we are able to process your special category data (details of your health) and details of any criminal convictions where it is necessary for an insurance purpose (including advising on, arranging, underwriting or administering a contract of insurance and administering a claim under a contract of insurance) provided we have established a legal basis for doing so.

Where we are processing your special category data/ details of criminal convictions for an insurance purpose our legal basis is set out in the table above.

We will not process your special category data/ details of your criminal conviction without your explicit consent where it is not necessary for an insurance purpose.

It is important that we keep your personal data accurate and up to date and so we ask you to provide accurate information and inform us of any changes.

5. Profiling

As set out above, your Personal Information may be processed for the purpose of creating general risk profiles. Where special categories of data / criminal conviction data are relevant this may be processed as part of this analysis. If we were to report trends to any third parties any report, we prepare will group the information so that all Personal Information (information that makes you identifiable) is removed. For example, we may produce a risk exposure report on a certain geographical area or postcode.

6. How we keep your information safe
We take appropriate organisational and technical measures to protect your information with security measures under the laws that apply and we meet international standards. We keep our computers, files and buildings secure.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our Service and any transmission is at your own risk.

When you contact us to ask about your information, if necessary, we may ask you to identify yourself. This is to help protect your

Information.

7. How long we keep your information

To meet our regulatory and legal obligations, we collect some of your personal information, verify it, keep it up to date through regular checks, and delete it once we no longer require it for the purpose for which is was originally collected. We may also gather information about you from third parties to help us meet our obligations. If you do not provide the information we need, or help us keep it up to date, we may not be able to provide you with our products and services.

As a guide we usually retain your personal data for around 7 years following expiry of a policy of insurance, completion of a claim, cancellation of your online account or termination of a contract between us. We may be required to retain data for longer periods. If you would like further details of our retention periods, please contact us on the details above.

8. Marketing

For the purposes of the GDPR we have a legitimate interest in processing your personal data (name and contact details) for marketing communications. We will only require your consent, in certain circumstances, where we are marketing products and services to you as an individual, not to your business. Circumstances where we may need your consent are outlined below.

Where you have previously ordered products or services from us, unless you have told us not to, we may contact you by telephone, email or post about similar or related products, services, promotions and special offers that may be on interest to you.

In addition, with your consent, we may contact you by telephone, email or post to provide information in relation to other products, services, promotions, special offers and other information we think may be of interest to you.

You have the right at any time to ask us to stop processing your information for direct marketing purposes. If you wish to exercise this right please follow the unsubscribe link on the communications or contact us on the below details, or the relevant third party, giving us or them enough information to identify you and process your request.

Please note that even if you ask not to receive marketing communications, we may still need to send you service messages regarding the Services.

9. Your information and third parties

Sometimes we share your information with third parties. For example, to:

enable us to provide products, services and information;
analyse information;
research your experiences dealing with us;
collect debts;
sell your debts;
sell whole or part of our business;
prevent financial crime;
help trace, investigate and recover funds on your behalf;
trace information; and protect both our interests;
where we are obliged, or permitted, to do so by applicable law, regulation or legal.

In addition, we may share your details with third parties to effectively provide our Services, including:

existing claims handlers;
legal representatives;
loss adjusters;
insurances and re-insurance providers;
insurance brokers and intermediaries;
our supplier and sub-contractors for the performance of ant contract we may have with them.

In order to process your application we may supply your personal information to credit reference agencies (CRAs) and they will give us information about you such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We may also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations.

Your data may also be linked to the data of your spouse, any joint applicants or other financial associates.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money - laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment.

Further details of the CRA's and fraud prevention agencies, and how they process your information can be ascertained by contacting our offices.

Where required by the GDPR/ Act we will ensure that relevant contractual protections are in place with these third parties to ensure they have the same levels of information protection that we have.

We also have to share information with third parties to meet any applicable law, regulation or lawful request. When we believe we have been given false or misleading information, or we suspect criminal activity we must record this and tell law enforcement agencies, which may be either in or outside the UK.

I0. International transfer of data

We may transfer your personal information outside of the European Economic Area (EEA) to help us provide your products and services. It may also be processed by persons operating outside the EEA who work for us, one of our associated companies or a third party engaged by us. Such countries may not have similar protections in place regarding protection and use of your data. We will take all steps reasonably necessary to ensure the security of your Personal Information i.e. where approved contractual clauses are agreed.

11. Business Relationships

This website may contain links to other websites. We are not responsible for the privacy practices or the content of such websites.

12. Your rights

This section sets out the legal rights of individuals in respect of the Personal Information we are holding and/or processing. If you wish to exercise any of your legal rights you should put your request in writing to us (using our contact details below) giving us enough information to identify you and respond to your request.

We can help you with/ you have the right to:

Access your personal information. You can ask us for a copy of the personal information we hold. You can ask us about how we collect, share and use your personal information. Most requests will receive a response within one month of receipt of a valid request; those which are more complex or numerous may take up to three months. You may not be entitled to see all of the information about you if an exemption applies.

Rectification of inaccurate Personal Information. if the personal information that we hold about you is incorrect, you have the right to ask us to amend it. Taking into account the purposes of the processing of personal data, the data can be rectified or, if data is incomplete, completed.

Withdraw consent: You can change your mind wherever you give us your consent, such as for direct marketing, or using your sensitive information, such as medical or biometric data.

The right to erasure – in certain circumstances you have the right to request that the personal data held about you is deleted or removed. The GDPR outlines specific circumstances when this right applies; including: where data is no longer needed for the purposes for which it was collected. There are certain exemptions to the right; including: when processing is necessary to comply with a legal obligation.

The right to restrict and/ or object to processing – in certain circumstances you are entitled to restrict or object to the processing of personal data; this includes: where you contest the accuracy of the data or you object to our legitimate interests in processing your personal data. If this right is exercised, any further processing of your data will take place only in circumstances in which the GDPR allows such processing to take place.

The right to data portability – in certain circumstances you have the right, on request, to ask us to provide a copy of the personal data that you have previously supplied to us, i.e. where the processing is by automated means and you wish to transfer to a new service provider.

If you seek to exercise a right under the relevant law and we consider an exemption is applicable (or the relevant right is not exercisable), we will explain this to you in as clear a way as we can.

13. Cookies

We use cookies and similar technologies such as local storage within our apps to provide and optimise our Services. You can control which cookies you get and which you keep on your device through your browser settings. Unless you have adjusted your browser settings so that it will refuse our cookies, our system will issue cookies when you visit our website. However, if you do not accept cookies you may not be able to take advantage of many of the special features of the Services.

You can find out more about internet advertising by visiting the following websites: www.allaboutcookies.org, www.yourchoicesonline.eu, and www.networkadvertising.org. Some of these sites enable you to opt out of online behavioural advertising and other tracking cookies (in addition to the control settings on your browser).

14. Making a complaint

If you have a complaint about the use of your personal information, please let a member of staff know, giving them the opportunity to put things right as quickly as possible.

If you wish to make a complaint you may do so in person, by telephone, in writing and by email. Please be assured that all complaints received will be fully investigated. You can register a complaint, using the contact details above. We ask that you supply as much information as possible to help us resolve your complaint quickly.

You also have the right to make a complaint to the Data Protection Commission, Canal House, Station Road, Portarlington, Co. Laois.
Email: info@dataprotection.ie or 076 110 4800.

Updates to this notice

We will make changes to this notice from time to time, particularly when we change how we use your information, and change our technology and products.

You can always find an up to date version of this notice on our website at www.gjis.ie/privacy_policy

You will also find it incorporated within our Terms of Business which are included in your policy documentation from time to time, or you can ask us for a copy.