Effective Date: February 24, 2020
Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt in or out of selected uses may also be provided when we collect personal information from you.
Depending on where you are located, the controller of your personal information under this policy will be different. Please see here for a list of which Starr entities will be controllers in which countries. In addition to the foregoing, Starr Insurance Holdings, Inc. may also act as controller. We can confirm which processing activities are undertaken by which entity should you request this.
- How We Collect Personal Information
- Automated Collection
- Information We Collect
- Special Categories Of Personal Information
- How We Use Personal Information
- How We Share Personal Information
- Automated Decisions
- Your Rights and Choices
- International Transfers of Personal Information
- How We Protect Personal Information
- Third Party Links
- Children’s Privacy
- Personal Information of Other Individuals
- Contact Us
We may collect personal information from various sources including:
- directly from you, such as information you provide to us when you inquire or purchase our products and use our Services. Where you are providing us with personal information other than yourself, you agree to provide this notice to them;
- from our vendors; partners; and third parties who we work with to provide the Services such as brokers, third party administrators, loss adjusters, coverholders, etc;
- from companies and organizations that partner with us to deliver Services;
- during conversations and correspondences between you and our representatives, including our agents;
- automatically, from your use of our website or apps, such as your IP address, usage data, and geolocation data; and
- other sources such as public databases, social media platforms, and other third parties.
The third parties we collect personal information from may include third party companies such as credit reporting agencies, law enforcement agencies and other government entities. We may collect personal information about you from our group companies. From time to time, we may use or augment the personal information we have about you with information obtained from other sources, such as public databases, social media platforms and other third parties. For example, we may use such third party information to confirm contact information or to better understand your interests by associating demographic information with the information you have provided.
At this time, we do not respond to Do-Not-Track signals.
We may collect different types of personal information, including:
- contact information, such as first and last name, telephone number, postal and billing address;
- demographic information such gender, marital status, employment and occupation details, and income;
- financial information and other information required to process your transaction such as financial account details and numbers;
- information necessary to verify your identity and provide you with our products and Services, such as driver’s license number, passport number, national insurance number and social security number;
- username and password for any account you may create with Starr
- family details such as information about beneficiaries (e.g., spouse, child, joint applicant, next of kin, dependent, trustee, etc.);
- information necessary to process claims such as health information, medical history, and treatment plans;
- background information to the extent permitted by applicable laws, we may obtain reports from public records of criminal convictions;
- professional licensure information and details;
- geolocation data; and
- usage information, such as IP address, operating system, and date, time, and length of stay on our website
We may aggregate and/or irreversibly de-identify personal information collected in connection with the Services and use it for any purpose, including product and service development and improvement activities.
Some of the categories of personal information that we collect are sensitive personal information (also known as special categories of personal information). In particular, we may process data concerning health in connection with the administration of insurance policies and any claims.
We use personal information for the purposes set out below.
- To administer your policy and to manage, process, defend/prosecute and/or investigate claims.
- To allow you to apply for our products and Services and to evaluate your eligibility for such products and Services, and to process your applications to use our products and Services (including setting you up as a client which may include fraud, sanctions, credit and anti-money laundering checks).
- To contact you regarding renewals, evaluate risks and pay associated premiums as required.
- To communicate with you about our Services, including to fulfill your requests, respond to your inquiries, and to inform you of changes related to our products and Services
Legal bases for above purposes: contract performance, legitimate interests (in order to allow us to perform our obligations and provide our services to you). With respect to special categories of personal information, where we cannot rely on another ground such as legal claims or substantial public interest (e.g. to prevent and detect crime/fraud), we rely on consent.
- To provide you with information about our products and Services, including to personalize such communications to present products and offers tailored to your interests and eligibility. For further information, please see the “Marketing” section below.
Legal bases for the above purpose: legitimate interests (in order to allow us to market to you) or consent (where this is required by law).
- To prevent fraud, including by confirming your identity and location. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and may be recorded by us or by them.
- To comply with our legal obligations and to exercise and defend our legal rights.
Legal bases for the above purposes: legal obligations, legitimate interests (to comply with our obligation and cooperate with law enforcement and regulatory authorities), legal claims. With respect to special categories of personal information, where we cannot rely on another ground including legal claims or substantial public interest (to prevent and detect crime/fraud) we rely on consent.
- To improve our products and Services
Legal bases for the above purposes: legitimate interests (in order to allow us to improve our Service or change our business (as applicable).
As mentioned above, we may also use and share de-identified personal information for any other legitimate purposes, including product and service development and improvement activities. We base this de-identification on the ground that it is within our legitimate interests (to enable us to improve our business, products and Services).
We may share your personal information for the purposes (and the legal bases) set out above as follows:
- within our company and with our affiliates and with other insurers and reinsurers who help us manage our risk;
- with service providers that perform Services on our behalf, including for the purposes of operating our website, assisting us to perform business functions, claims handling, and operations, and professional services such as legal advisors, accountants and consultants;
- with select partners we may collaborate with;
- with other parties with your consent and at your direction; and
- we reserve the right to disclose your personal information as required by law, when we believe disclosure is necessary or appropriate to comply with a regulatory requirement, judicial proceeding, court order, government request, or legal process served on us, or to protect the safety, rights, or property of our customers, the public, us or others.
Your personal information may be profiled to assess risk and patterns. We may make automated decisions about you based on such profiles where such decisions are required or authorized by law or where necessary for the performance of a contract with you, for example for sanctions, fraud prevention and money laundering purposes.
We may use criteria such as demographics, employment status and other related factors to determine your eligibility to purchase Starr products and Services on an automated basis or without human/manual intervention by comparing such factors against those used to develop our different risk profiles. The outcome of such decision may include an effect on the rates you are charged, and may limit your ability to obtain products and Services from us.
Subject to local legal requirements and limitations, you have a right to object to our use of automated decision-making or request an automated decision to be reviewed by a human being.
We (or our service providers and advertising partners) may send you direct marketing communications and information about our products and services that we consider may be of interest to you and, where required by law, we will ask for your consent at the time we collect your personal information to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in the “Contact Us” section below.
Marketing profiles: Please note that we may use or augment the personal information we have about you with information obtained from other sources, such as public databases, social media platforms and other third parties to provide you with tailored marketing communications.
You have the right to opt out of such analysis of your personal information that we use to tailor the direct marketing that we send to you, at any time. You can exercise this right by contacting us as set out in the “Contact Us” section below.
Please note that we also carry out digital advertising campaigns from time to time that do not rely on your personal information. Subject to any local law requirements, your opt-out will not have effect on such advertising campaign.
You may have the right to access and correct your personal information as described below. Individuals in certain jurisdictions, (e.g., EU, UK), may have certain additional rights and choices regarding our processing of their personal information.
We reserve the right to verify your identity in connection with any requests regarding personal information to help ensure that we provide the information we maintain to the individuals to whom it pertains, and allow only those individuals or their authorized representatives to exercise rights with respect to that information. Please note that your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g., the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We endeavor to comply with your request as soon as reasonably practicable and in compliance with all applicable laws.
- Access and correction of your personal information: You may access the personal information we maintain about you by submitting a request to us using the contact details below. If we grant your request, we will provide you with a copy of the personal information we maintain about you in the ordinary course of business, in a commonly used format. You may request access to correct any errors in your personal information. We may reject your request to access or correct personal information, as permitted by applicable law. If we reject your request, we will notify you of the reason(s) for the rejection.
- Portability of your personal information: Under certain conditions, you may request that we transfer your personal information to another entity in the format in which we maintain it in the ordinary course of business. We may reject your request, as permitted by applicable law. If we reject your request, we will notify you of the reason(s) for the rejection.
- Deletion of personal information: You may request that we delete your personal information that we no longer have a lawful basis to use. We may reject your request, as permitted by applicable law. For example, Starr may be required by legal other reasons to retain your personal information in its business records. If we reject your request, we will notify you of the reason(s) for the rejection.
- Objection to processing of personal information. Under certain conditions, you may have the right to object to our processing of personal information about you, including our use of your personal information for marketing purposes and marketing profiles.
- Restrict the processing of your personal information. Under certain conditions, you may have the right to require us to restrict the processing of your personal information.
- Withdrawal of consent: If Starr relies on your consent for the processing of your personal information, we will obtain your consent at the time we collect your personal information. To the extent provided by applicable law, you may withdraw any consent previously provided to us, or object at any time on legitimate grounds, to the processing of your personal information. We will apply these preferences going forward. In some circumstances, withdrawing consent to our use or disclosure of your personal information will mean that Starr may no longer be able to provide you with the Services.
Please contact us using the contact details below in the “Contact Us” section if you would like to exercise any of these rights or request more information. Where required by applicable law, we will notify you if we reject your request and notify you of the reasons we are unable to honor your request. With respect to individuals located in the EU/UK, where we are unable to resolve an inquiry or a complaint, you have the right to contact the data protection regulator in the European country in which you are based. A list of the data protection regulators and their contact details can be found here.
We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information. Where required by certain jurisdictions, we will transfer your personal information subject to jurisdiction-approved safeguards, such as standard contractual clauses. For example, where you are located in the EU/UK, we will transfer your personal information subject to approved safeguards unless we are permitted under EU data protection law to make such transfers without such formalities.
We maintain reasonable administrative, technical and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, because no security measure is 100% effective, unauthorized entry or use, hardware or software failure, and other factors may compromise the security of information about you at any time, and to the extent permitted by applicable law, we bear no liability for uses or disclosures of personal information or other data arising in connection with theft of the information or other malicious actions.
THIRD PARTY LINKS
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices. Please check these policies before you submit any personal information to such third party websites.
Starr does not knowingly collect personal information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with personal information without their consent, he or she should contact us at firstname.lastname@example.org. If we become aware that a child under 13 has provided us with personal information, we will delete such personal information from our files.
Starr Companies Compliance Director
399 Park Ave
New York, NY, 10022
Data Protection Officer
4th Floor, 30 Fenchurch Avenue
London, EC3M 5AD
Lawful bases under EU law (this only applies to individuals located within the EU/UK)
1.1 The main lawful bases for our use of personal information are as follows:
- Contract performance: where we are required to collect and handle your personal information in order to provide you with the services that we have contractually agreed to provide to you.
- Legal obligation: where we need to use your personal information to comply with our legal obligations;
- Legal claims: where your personal information is necessary for us to establish, exercise of defend any legal claims; and
- Legitimate interests: where we have a legitimate interest in using your personal information. We will only rely on this lawful basis if we consider that our interest in using your personal information for the relevant purpose is not outweighed by any interests that you may have, or any prejudice that you may suffer, from the relevant use of your personal information.
The main lawful bases for our use of your special categories of personal information are as follows:
- Legal claims: where your personal information is necessary for us to establish, exercise of defend any legal claims;
- Substantial public interest: where we need to process your personal information for reasons of substantial public interest set out in EU law or the laws of the member state in which you are based;