Last Updated - October 2019
What this Privacy Notice covers
This privacy notice sets out how Polaris UK Ltd (“Polaris”, "we " or "us") use the information we collect from you when using imarket how we safeguard your privacy. It also describes your data protection rights, including a right to object to some of the processing which Polaris carries out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section below.
This notice covers only business contact data and subscriber data which we hold on behalf of our corporate insurance company and insurance brokers. If you are an individual whose personal data is stored in the imarket insurance system, please contact your relevant insurer or insurance broker for more information and to exercise your rights.
Summary of how we use your data
- Polaris uses your personal data to provide imarket.
- Personal data is shared with third parties, including vendors we use such as IBM.
- Where we rely on your consent, such as for placing cookies, you can withdraw this consent at any time.
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
The information we collect
As part of providing imarket, we will collect and process the following personal data:
- the name of the organisation you work for
- your name and job title
- contact details (such as your office address, telephone number and email address)
- your IP address
- the names of other employees of your organisation that wish to act as Group Administrators (if you are the principal, partner or director requesting access to imarket)
What we do with the information we gather and the legal basis for use
Polaris will only process the information you provide to us for the following purposes:
- To fulfil a contract, or take steps linked to a contract: this is relevant where you use imarket. This includes:
- verifying your identity;
- communicating with you;
- providing customer services, which are obtaining quotations from insurers, processing new business, mid-term adjustments, renewals, handling referrals, connecting to services on insurers’ websites or the Polaris website, Accounts Reconciliation services and the Electronic Cover Notes service;
- As required by Polaris to conduct our business and pursue our legitimate interests, in particular:
- we will use your information to provide services you have requested, and respond to any comments or complaints you may send us;
- we use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline;
- we use information you provide to personalise our website, or services for you;
- we monitor customer accounts to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law; we use information you provide to investigate any complaints received from you or from others, about imarket our website or our products or services;
- we will use data in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation);
- Where you give us consent:
- to send you information about our services, product updates and similar information;
- to place cookies and use similar technologies and the information provided to you when those technologies are used;
- on other occasions where we ask you for consent, we will use the data for the purpose which we explain at that time.
- For purposes which are required by law:
- In response to requests by government or law enforcement authorities conducting an investigation.
Whom we will share our data with, where and when
Polaris is a data processor for imarket and will only use the information you provide to us to pass to insurance companies from whom you wish to obtain services, and your software system providers, on your direction.
Data will be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
Personal data will also be shared with third party service providers, who will process it on behalf of Polaris for the purposes identified above. Such third parties include providers of website hosting, maintenance, IT support and organisations which use imarket services for security and include IBM, insurers verifying your rights to use services on their systems, Click4Assistance, Iron Mountain and Colt.
In the event that the business is sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
Where information is transferred outside the EEA, and where this is to a stakeholder or vendor in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules. For example transfers to IBM in Australia, Brazil, Costa Rica, Singapore, and the United States are covered by the Standard Contractual Clauses.
How long will we retain your personal data
To allow us to perform the contract, we will retain your data prior to and for the contract’s duration. We may also retain data for a longer period (up to 7 years) if it is needed in case of account/audit queries, or to comply with legal requirements. However, if this is the case we will only retain the data that is necessary to deal with such issues.
Links to other websites
Our website contains links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over these other websites.
Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the Privacy Notice applicable to the website in question.
What is a cookie?
What is in a cookie?
Each cookie is unique to a web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like preferences or the contents of a shopping basket.
We use "session" cookies on the website. We will use the session cookies to retain information about your current visit to assist your navigation around the website. Session cookies will be deleted from your computer when you close your browser.
What is a session cookie?
Session cookies enable the website you are visiting to retain details of your movement from page to page so you are not required to enter the same information multiple times during the same visit to the site. Cookies allow you to proceed through many pages of a site quickly and easily without having to authenticate or reprocess each new area you visit.
Important information regarding session cookies:
- The information with a session cookie cannot be accessed on a computer as the file containing the information is "locked" by the web browser.
- The information passed between the browser and the website by the session cookie is anonymous.
- Session cookies are deleted as soon as the user closes the browser.
Where we rely on your consent for processing data, such as for placing cookies and similar technologies, you can withdraw this consent at any time. Note that by disabling certain categories of cookies you may be prevented from accessing some features of imarket or certain content or functionality may not be available.
Your rights in relation to your personal data
You have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this data to another controller.
If you believe that any information we are holding on you is incorrect or incomplete, please contact us as soon as possible, using the same email address. We will promptly correct any information found to be incorrect.
In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing). If you wish us to cease processing of your data, we will remove any data we hold for you unless it is needed to comply with legal or statutory requirements, or we have a legitimate interest in retaining the data (for example because we have no other contact within your organisation). In this case we will only retain any data needed to comply with that requirement. If you wish us to cease sending emails to you, or remove your details from our records, please contact us or use the unsubscribe link in the latest email sent to you.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping it. Relevant exemptions are included in both the GDPR and in the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.
To exercise any of these rights, please contact us at [email protected]. You can also get in touch with us by writing to Polaris, New London House, 6 London Street, London EC3 7LP. If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live, work or where you believe a breach may have occurred. This is likely to be the Information Commissioner’s Office in the UK.