Privacy Policy

Italiano | English | Français | Español

1. Introduction

CHP Legal (the “Data Controller”) is committed to ensuring that any personal data received from the users of this website (“Website”), and through other processing methods, from any individual (such as customers, employees, consultants, service users, etc.), is protected and handled in accordance with applicable data protection laws.

In general, any information and data provided to the Data Controller over the Website – and with other processing modalities – acquired in the use of services such as: the registration procedure, the request for products and services, information or estimates, access to the registration procedure (which is reserved for users who have the quality of insurance brokers or intermediaries), filling out the forms provided in order to notify a claim or to request any of the insurance services provided through the Website (“Forms”) or which is otherwise gathered via the Website by the Data Controller in the context of the use of the Data Controller’s services (“Services”), will be processed by the Data Controller in a lawful, fair and transparent manner.

2. Data Controller

The Data Controller, as identified at the top of this Privacy Policy, is the Data Controller regarding all personal data processing carried out through the Website.

3. Personal Data processed

When you use the Website – or provide data in other ways – the Data Controller will collect and process information regarding you (as an individual) which allows you to be identified either by itself or together with other information which has been collected. The Data Controller may also be able to collect and process information regarding other persons in this same manner, assuming you choose to provide it to the Data Controller.
This information may be classified as “Personal Data” and can be collected by the Data Controller when you choose to provide it (e.g., when you sign up for an account to receive the Data Controller’s Services).

Personal Data that can be processed by the Data Controller through the Website or in other ways are as follows:

a. Name, contact details and other Personal Data

In various sections of the Website – in particular, if you decide to create an account on the Website or when you fill out a Form – you will be asked to submit information such as your name, phone number, e-mail address, gender, date of birth, country of residence and address, as well as, in certain cases, information related to the company you currently work for and your position in that company.

In addition, whenever you participate in surveys that may be available on the Website, as well as whenever you communicate with the Data Controller through the contact details provided on the Website, the Data Controller may collect additional information that you choose to provide. This is also the case regarding any information you choose to disclose in certain sections of the Website which allow you to fill out a Form or to contact the Data Controller directly.

b. Job applications

When registering to apply for a position within the Data Controller, in the “Careers” section of the Website (where available), you will also be asked to provide different types of Personal Data, including professional and employment details (e.g. resume, cover letter, professional qualifications, availability to start, professional social media URLs, etc.).

You are also asked to provide other job-specific information, including your marital status, gender and date of birth, which may help to give more insight of you as a candidate – however, this is entirely optional and not mandatory.

c. Special categories of Personal Data

Certain areas of the Website provide you with some free text fields where you can describe to the Data Controller some information that you need to communicate to the Data Controller as required in the Forms, or otherwise allow you to post various types of content on the Website, which may contain Personal Data.

You may use such areas to disclose (inadvertently or not) some sensitive (“particular”) categories of Personal Data, such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The content you upload in these fields may also (inadvertently or not) include other types of particular information relating to you, such as your genetic data, biometric data or data concerning your health, sex life or sexual orientation or any disabilities you may have.

The Data Controller asks that you do not disclose any particular Personal Data in these free text fields on the Website unless it is strictly necessary. If so, please mind that the Data Controller needs your explicit consent to process this type of Personal Data (e.g. by declaring that you consent in the free text field), if you decide, nonetheless, to share it.

d. Other persons’ Personal Data

As mentioned in the previous section, certain areas of the Website and of the Forms include specific fields as well as free text fields where you can write messages to the Data Controller, or otherwise allow you to insert various types of data on the Website. These messages and content may (inadvertently or on purpose) include Personal Data related to other persons.

In other sections of the Website, you are asked to submit Personal Data related to third parties, such as other contacts in your company, colleagues, clients, policyholders, claimants, counterparties and/or insurers.

In any situation where you decide to share Personal Data related to other persons, you will be considered as an independent data controller regarding the Personal Data and must assume all inherent legal obligations and responsibilities. This means that you must fully indemnify the Data Controller against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, brought by the third parties whose information you provide through the Website.

As the Data Controller does not collect this information directly from third parties (but rather collects them, indirectly, from you), you must make sure that you have the third parties’ consent before providing any information regarding them to the Data Controller; if not, then you must make sure there are some other appropriate grounds on which you can rely to lawfully give this information to the Data Controller.

e. Browsing Data

The Websites operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Websites users as part of their routine operation. While the Data Controller does not collect this information to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.

This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.

These data are used to compile statistical information on the use of the Website, as well as to ensure its correct operation and identify any faults and/or abuse of the Website.

f. Cookies

Cookies are small text files that may be sent to and registered on your computer by the websites you visit, to then be re-sent to those same sites when you visit them again. It is due to these cookies that those websites can “remember” your actions and preferences (e.g. login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within a website.

For more details, please refer to our Cookies Policy.

4. Purposes of processing and lawful basis for processing

The Data Controller intends to use your Personal Data, collected through the Website, for the following purposes:

  • Manage and, if necessary, settle claims, collect information and documentation, carry out investigations (also relating to the degree of satisfaction) and investigations, as well as carry out activities’ ancillary and instrumental to the management and settlement of the claims themselves (“Service Provision”). The lawful basis for this process is to perform a contract with the data subject. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to provide any Services to you.
  • Access the platforms and verify the identity of the User, help him in case he loses or forgets the login/password credentials for any of the Registration Services of the Data Controller, maintaining a registered user profile and provide any other service that the User may request (“Service Provision”). The lawful basis for this process is to perform a contract with the data subject. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to provide any Services to you.
  • Granting judicial and/or out-of-court assignments in relation to insurance claims management (“Service Provision”). The lawful basis for this process is to perform a contract with the data subject. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to provide any Services to you.
  • Provide assistance and information following specific requests from the User.
  • Send the Furness Insurance Services Ltd newsletter (“Newsletter”). The lawful basis that allow us to process your data is your consent exercised through the opt-in operation.
  • Review your curriculum vitae and get in touch with users who have submitted their application through the website (“Recruitment”). The lawful basis for this process can be one of the followings: necessary to perform a contract with you as the Data Subject – compliance with legal obligations that the Data Controller is subject to in relation to employment law – Legitimate interests of the Data Controller – your consent as data subject. Processing for this purpose is needed for the Data Controller to be able to consider offering you a position and, therefore, is necessary to take steps at your request before (potentially) entering into a contract. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to consider your candidacies.
  • Comply with laws and regulations that require the Data Controller to collect and/or further process certain types of Personal Data (“Compliance“). The lawful basis for this process is a legal obligation.
  • Prevent and detect fraudulent activities carried out against the Data Controller (“Abuse“).
  • Management of personal data within the employment relationship. The legal basis for this process is to follow up on the employment contract.
  • Management of personal data within the consultancy relationship. The legal basis for this process is to follow up on the consultancy contract.
  • Management of personal data within contracts relating to the provision of services provided. The legal basis for this process is to follow up on the service contract.
  • For other legitimate purposes that are in compliance with applicable regulations and which may not have been specifically mentioned above, but that fall within the scope of usual business practices and necessary for the proper functioning of the Data Controller’s activities. The legal basis for this process is the execution of a contract and/or the legitimate interest of the Data Controller, in compliance with applicable regulations.

5. Recipients of Personal Data

Your Personal Data may be shared with the following list of persons / entities (“Recipients”):

  • Persons, companies or professional firms providing the Data Controller with advice and consultancy regarding for example accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the Services.
  • Entities engaged to provide the Services (e.g., hosting providers or e-mail platform providers).
  • Persons authorized to perform technical maintenance (including maintenance of network equipment and electronic communications networks).
  • Persons authorized by the Data Controller to process Personal Data needed to carry out activities strictly related to the provision of the Services, who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g., employees of the Data Controller).
  • Other companies within the Data Controller Group.
  • Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities.

6. Transfer of Personal Data

Your Personal Data may be transferred to Recipients located in several different countries. The Data Controller implements appropriate safeguards to ensure the lawfulness and security of these Personal Data transfers, such as by relying on adequacy decisions from the European Commission, standard data protection clauses adopted by the European Commission, or other safeguards or conditions considered adequate to the transfer at hand.

7. Retention of Personal Data

We will retain your personal information for as long as is reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy. The retention period will be primarily determined by relevant legal and regulatory obligation and/or duration of our business relationship with you, your employer, or another associated party. We maintain and regularly update our Data Retention Policy with a detailed retention schedule. We will securely delete or erase your personal information if there is no valid business reason for retaining your data. In exceptional circumstances, we may retain your personal information for longer periods of time if we reasonably believe there is a prospect of litigation, in the event of any complaints or if there is another valid business reason the data will be needed in the future.

8. Data subjects’ rights

You have certain rights as a data subject which you can exercise in relation to the information, we hold about you. If you make a request to exercise any of your rights, we reserve the right to ask you for a proof of your identity. We aim to acknowledge your request as soon as possible and will address your query within one month from your request.

You have the following rights:

The right to access

If we are processing your data, you are entitled to a confirmation, a copy of your data, and information about purposes of processing – who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where your data is from and how you can make a complaint.

The right to rectification

If you believe that the personal information we hold about you is inaccurate or incomplete, you can request for it to be rectified.

The right to erasure

If you withdraw your consent, terminate a contract with us or you believe the personal information is no longer necessary for the purposes for which it was collected, you may request for your data to be deleted. However, this will need to be balanced against other factors, for example, there may be certain regulatory obligations which mean we cannot comply with your request.

The right to restrict processing

You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

  • Its accuracy is contested, to allow us to verify its accuracy; or
  • The processing is unlawful, but you do not want it erased; or
  • It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • You have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.

The right to data portability

If we have collected your information under a contract or your consent, you could request us to transfer your personal information to provide it to another third party of your choice.

The right to object

You have the right to object at any time the processing of your personal data where it is necessary for the performance of a task carried out in the public interest, or in the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms – in particular, if you are a child.

The right to withdraw consent

If we have processed your personal information under your consent, you could withdraw it at any time.

We do not have to comply with a request where it would adversely affect the rights and freedoms of other individuals.

9. Contact details of the Data Protection Officer

You can also exercise your rights described above by sending a written request to the Data Controller at the following address: dpo@fisg.co.uk.

10. Complaints

Qualora Lei non fosse soddisfatto della nostra risposta o ritenesse che i Suoi dati non siano stati trattati in conformità con i requisiti legali, potra’ presentare un reclamo all’Autorità per la protezione dei dati personali competente.

11. Amendments

This Privacy Policy entered into force on 25/05/2018. The Data Controller reserves the right to amend this Privacy Policy partly or fully, or simply to update its content, e.g., due to changes in applicable law. The Data Controller, therefore, invites you to regularly visit this Privacy Policy to acquaint yourself with the latest, updated version of the Privacy Policy, so that you may remain constantly informed on how the Data Controller collects and uses Personal Data.

Latest Update: 00/00/0000