privacy notice for group life claims
Your personal data – what is it?
Personal data is defined as any data from which a living individual can be identified.
Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”).
Who are we?
ERGO Lebensversicherung AG UK Branch, trading as Ellipse, is the data controller of personal data in respect of arranging and administering group insurance contracts.
How will we use the information about you?
We will process personal data in order to undertake any activity relating to our policies, products and services and handle any claims. This is known as the legitimate business interest basis of processing.
When do we ask for consent and how can you withdraw it?
As part of the claims assessment process we may need your consent to obtain and process additional personal information from you as a beneficiary. You have the right to withdraw your consent at any time. Should you decide to withdraw your consent please contact us.
What personal data do we hold and where did we get it from?
From the policyholder:
The policyholder (usually an employer) will have passed onto us your details as part of the group life insurance claim to which you are a beneficiary.
Which other organisations may we share your data with?
Ellipse may share your sensitive or special categories of personal information with:
- other Munich Re companies
- our reinsurer, Munich Re, their reinsurers and any reinsurer of our purchaser in the sale, transfer or transaction relating to our business
- our claims service partners: Barclays, Capita, Linden Claims and PTL
- our IT service providers: NIU Solutions, Northdoor and RedSpire, as part of the ongoing maintenance and development of our systems and services
- our regulators and government agencies: the Financial Conduct Authority, BaFiN (the German financial regulator) and Her Majesty’s Revenue and Customs ‘HMRC’
We do not transfer personal data outside the EEA.
How long do we hold your personal data for?
We will keep personal information only as long as we require it either for claims administration or in respect of any complaints relating to the policy. We will retain insurance records to satisfy regulatory requirements which will be for a maximum of six years after the date we pay the claim or decline the claim. After this time, data will either be anonymised (a means by which an individual can no longer be identified by the data) or deleted. We will regularly review our data retention policy to ensure that data is not kept for longer than is necessary.
How can you access the data and correct it?
You can find out if we hold any personal information by making a ‘subject access request’. Within one month of your request we will:
- give you a description of the information we hold
- tell you why we are holding it
- tell you who it could be disclosed to
- let you have a copy of the information in an intelligible form, usually a pdf file
To make a request for any personal information we may hold about you please contact us.
If we do hold information about you, you can ask us to correct any mistakes by contacting us.
How to complain
If you are unhappy with the way in which your personal data is handled, please contact our Data Protection Officer.
If you remain unhappy with our response to your complaint, you can complain directly to the Information Commissioners Office (ICO). They are the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Visit https://ico.org.uk/concerns/ to raise a complaint.
We do not apply any automated decision making to the personal data you provide to us.