IFGL is headquartered in the Isle of Man. IFGL and our Data Protection Officer can be contacted in writing at International House, Cooil Road, Douglas, Isle of Man, IM2 2SP, British Isles.
You may have supplied your personal data to us through:
Your Financial Adviser should tell you when they pass your details on to us and you should have given your consent to allow your Financial Adviser to pass your details to us.
‘Personal data’ means any information that can be used to identify an individual person. This means information that could identify you directly or indirectly, and can include your name, address, date of birth, email address, bank details, identification number, location data, online identifier, or one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
As required under the regulations the information we collect will be adequate, relevant and limited to what is necessary for the purpose the information is being collected.
All personal data we collect and hold will be processed lawfully, fairly and in a transparent manner in relation to you as our data subject.
In some circumstances we may collect sensitive information about you such as:
We do not require data concerning political opinion, membership of a trade union, religious or philosophical beliefs which are also categorised as sensitive personal data however this information may be disclosed by you as part of the underwriting process, if you consider it is relevant. We have a very general question on the application form which asks clients to disclose any feature of their lifestyle which may affect / threaten their life expectancy and through this you may disclose further sensitive information.
IFGL will require your explicit consent to process sensitive information. If we do not receive this consent from you we will not be able to provide you with your product.
If you make any of your sensitive personal data public such as putting information on social media we can process that data as this information will be in the public domain.
We can also further process your sensitive personal data in the exercise or defence of legal claims for or against IFGL or whenever we need to comply with a court order.
As the controllers of your personal data IFGL may process your data:
a) to administer and operate policies
b) to fulfil IFGL’s legitimate interests, in particular in the course of the operation, support and development of our businesses, evaluating customer service, efficiency, cost and risk and for management purposes
c) carrying out anti money laundering and conflict checks for the prevention of financial crime or fraud
d) exercising and defending our legal rights, complying with regulatory authorities and legislation
e) for audits by national and regulatory enforcement
We will ensure that your personal data is processed in a manner that ensures it is appropriately secure and we will protect your information against unauthorised or unlawful processing, accidental loss, destruction or damage. We will do this with the implementation of internal policies, procedures, encryption of emails and data, building security such as swipe cards for building access, CCTV, internal IT testing, IT testing by external parties, internal auditing and staff training therefore treating your personal data with integrity and with the utmost confidence.
As part of our Underwriting Process we require and record data concerning clients’ health. This is primarily gathered from questions on the application form, which include sensitive, personal data. We will use this data as part of our decision making process.
Most clients will also undergo a medical examination, and some degree of medical testing will be undergone for example blood and urine samples are taken and results are recorded.
We are able to process your health data for the purposes of carrying out insurance business.
We can also process health information which relates to a data subject who is the parent, grandparent, great-grandparent or sibling of an insured person.
IFGL will not need to obtain consent of the data subject where we cannot be reasonably expected to obtain consent for the processing of your data. IFGL can process your personal data when IFGL is not aware of you withholding consent.
Your data will not be further processed in a manner that is incompatible with the above purposes.
Data Protection law allows IFGL to process and retain your personal information only if we have a good reason to do so. This includes sharing your information outside of IFGL. We must have one or more of the following reasons to process and retain your data:
The processing of your information is done so within the legitimate interests of business or commercial activities (these are not overridden by prejudice to your privacy rights). For IFGL to comply with applicable regulations it will be necessary, in some cases, to disclose your personal details which would be classed as a legal duty. We will also process your data in order that we can assist you with your policy under the terms and conditions set out in your policy of which IFGL consider this to be a contract between you and IFGL.
We can process your personal information if it is necessary for the purpose of carrying on business which consists of effecting or carrying out a contract or is personal data which relates to a data subject who is not a party to the contract or seeking to become a party to the contract and can reasonably be carried out with the consent of the data subject.
Again, as above, processing can be carried out without obtaining consent of the data subject where we cannot be reasonably expected to obtain consent for the processing of that information for instance a nominated beneficiary of a policy who does not know that they have been nominated. IFGL can process the data subject’s personal data when IFGL is not aware of you withholding consent.
Your personal data may be transferred to another country, which may also include countries outside of the EEA. This may be because you or your Financial Adviser live outside the EEA or your nearest IFGL office is outside of the EEA. In those cases where the relevant country has been checked to ensure it has an adequate level of data protection by the European Commission, or we need to make the transfer in order to perform a contract in your interests, we will ensure that the transferred personal data is protected by a data transfer contract. Further details can be obtained by making a request in writing to our Data Protection Officer (“DPO”). We can provide you with copies of any data transfer agreements on request.
To ensure we are only transferring data to countries which have the correct adequacy ratings we regularly check the EU website.
IFGL does not use automated decision making processes.
IFGL may need to collect personal information by law, or under the terms of a contract we have with you.
If you choose not to provide your personal data, it may delay or prevent us from meeting our obligations. It may mean that we cannot perform services to run your policies which could result in a need to cancel a policy or service you have with us.
Any data collection that is optional would be made clear at the point of collection.
We will retain your personal data in a form which can identify you only for as long as necessary for the purposes set out previously and for as long as necessary to meet legal, regulatory and business requirements and no longer. Reasons to retain data can include;
Should you wish to have a look at our document retention schedule stating what documents are kept and for how long please contact our DPO who can give you a copy of our document retention schedule.
We may extend retention periods if we are required to preserve personal data in connection with investigations, proceedings and litigation.
You have a right of access to your information completely free of charge (if it is a simple request). If we do need to charge you we will confirm what the charge is and why it is necessary to charge you. Usually we will only charge if the information is clearly unfounded or excessive. Therefore if you keep requesting information then it may be necessary to charge you. We will take into consideration the cost of obtaining your information and the length of time it will take to respond to your request. If you request additional copies we can also charge for the additional copies.
Should you wish to have access to your personal data you can write to the DPO to request copies. This is called a subject access request. If you wish to have more details as to how this works please contact our DPO.
If you request information that is too much or if we hold a lot of information about you we will ask you to be specific about the information you are looking for in order that we can locate it and get it to you.
If we consider that you are asking for too much information we do have the right to say no. If we do consider your request to be excessive we will send you a letter or an email setting out why.
In order to protect you we may ask for identification confirming that it is you asking for the information. If you request copies of your information we must provide you with your information within one month from the date we receive your identification documents.
You have a right to an electronic copy of your personal data which we can send to you encrypted.
If your request to have a copy of your personal data adversely affects the rights and freedoms of others we will not be able to provide this however we will send a letter to you confirming this.
You have the right to question any information we have about you that you think is wrong or incomplete.
We will endeavour to ensure that all information we retain for you is accurate, complete and up to date.Please do let us know if you have a change of personal details such as surname or contact details and help us keep your details up to date. If you become aware that the information we hold is incorrect and have let us know we will take every reasonable step to ensure that your personal data is rectified without delay. It is a good idea to regularly check the information we have for you.
You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information. This is your ‘right to object’ or ‘right to be forgotten’. However in doing so this may stop us being able to provide you with your product or disrupt our service levels to you.
There may be circumstances where we are able to restrict the use of your data; i.e. restrict its use to certain things, such as legal claims or to exercise legal rights. In these circumstances, we would not use or share your information for other purposes while restricted.
Restriction of processing can be requested when:
You can request the restriction or objection to the processing of your personal data by sending the request in writing to our DPO.
You can withdraw your consent for us holding your personal information at any time. Should you withdraw your consent this may impact your product, the service we provide, or stop us being able to assist you with your policy.
You can lodge complaints about our processing of your personal data with our DPO in writing. Should your compliant about our processing of your personal data not be resolved to your satisfaction you can then send your complaint to the Office of the Information Commissioner, you can also contact the Information Commissioner Office using the details on this link.
You may visit our offices at International House where we have a number of CCTV cameras. We have CCTV cameras for security reasons for the protection of our staff and visitors. We do not record sound and so your voice will not be captured.
CCTV images are held for one week after which they automatically delete.
We do have the capacity to ‘hold a playback’ which means we can keep the information for longer should there be an incident. The CCTV images may then be used to defend any legal claims. Should your image be held we will inform you.
We have an internal policy for our CCTV which regulates how we use it and the images it stores which is tested by regular internal audits which are carried out on a six monthly basis.
When entering into a new contract with RL360 you will be provided with the option to apply for access to our OSC. This facility provides you with access to your policy details, including valuations etc. When applying for access to the OSC you will be asked to provide some personal data which includes your name and email address.
If you call IFGL or IFGL calls you, the telephone line may be recorded. The records will be IFGL’s property and accepted by you as evidence of the orders or instructions given. A copy of the recording will be available on request for a period of seven years.
If you chose to cash in your policy, surrender your policy or no longer wish to use our services we will retain your information for six years. After the sixth year anniversary of the surrender or you leaving us we will completely delete your data and we will no longer be able to provide any copies should you wish to review your personal data that we held.
If you wish to set up a policy with a competitor it is your right to ask for us to send on your personal data to them. If you would like us to do this our customer service team will assist you as and when this happens.
We do not use your personal data to directly market our products to you
If you are not yet 18 years old you can ask us to give you copies of information we hold about you. You can call, write or email our DPO who will help you. We also have a separate policy which sets out information which you might find clearer and easier to read.
This is our main statement. You will find parts of this statement broken down into smaller sections on our website and in pieces of our literature. Not all parts of the statement will relate to each client. Therefore your application forms and literature you receive about us will be tailored to suit you.
The most important thing is that you feel in control of your personal data. We will help you to do this with us as much as we can.
If you are unsure or if you feel something is not clear you can contact our DPO who will be able to answer your questions.
Our Data Protection Officer can be reached in writing to International House, Cooil Road, Douglas, Isle of Man, IM2 2SP or by email to DPO@rl360.com