Privacy Policy

Lighthouse General Insurance Company & Lighthouse Life Assurance Company Privacy Policy

Protecting your privacy is very important to us. We value your trust and have designed this Privacy Policy to help you understand how we collect, protect, and use your Personal Information. By ‘Personal Information’ we mean information that identifies and relates to you. The specific Lighthouse company acting as the Data Controller of your Personal Information will depend on your relationship with us. This will be detailed in the documentation that we send to you such as your policy terms and conditions. Alternatively, you can contact our data protection officer at [email protected]. Either company will treat your Personal Information in accordance with the terms of this Privacy Policy.

Insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, insurers and reinsurers.

Who do we collect personal information about

  • Prospective and existing policyholders and beneficiaries
  • Third parties or individuals who will act on behalf of a policyholder such as a power of attorney, solicitor or family member
  • Third party claimants
  • Witnesses
  • Users of our claims portal
  • Visitors to our website
  • Individuals with whom we do business such as brokers and third party suppliers

How we collect your Personal Information

We collect your Personal Information from:

  • you (e.g. via your application or claim form, correspondence with us including telephone calls (please note that telephone calls are recorded) and emails and via your use of our claims portal);
  • third parties such as witnesses and medical professionals;
  • the policyholder (where you are a third party such as a beneficiary);
  • financial crime and fraud detection agencies and third parties we use to carry out credit checks;
  • other companies in the Lighthouse Group;
  • other third parties involved in your insurance policy or claim such as brokers, claims handlers, investigators, loss adjusters;
  • publically available sources (for example, searches using google, public registers and social media);
  • any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of our business; and
  • your use of our website (e.g. our web servers collect the name of the domain you used to access the internet, such as "aol.com" or "yahoo.com," and the website you came from and visit next).

Cookies

We may also collect information via cookies which are small pieces of data stored by your internet browser on your computer's hard drive. We use cookies to ensure that you can benefit from and use the online claims portal systems if so requested by you. You may be able to set your browser to notify you when you receive a cookie or to prevent cookies from being sent. Please note, however, that, by not accepting cookies, you may limit the functionality we can provide to you when you visit our website.

Types of Personal Information that we collect

Depending on your relationship with us, Personal Information that we collect may include:

  • General identification and contact information such as your name, address and other contact details and date of birth;
  • ID documents such as passport/driving licence;
  • Any information relevant to your insurance policy such as lifestyle, income and employment status;
  • Job information where it relates to a claim made on a policy, for example where the policyholder can’t make repayments due to unemployment;
  • Information relevant to any claims made;
  • Details about family such as dependents or spouses;
  • Information which is available publically;
  • Financial information such as your bank account details and credit history;
  • Your marketing preferences as you advise us;

If relevant, we will also collect "special category data" which is Personal Information relating health, genetic or biometric data, criminal convictions, For example:

  • Medical information such as your current health status, the details of any injuries or disabilities and medical history because it is relevant to your insurance policy or claims.
  • Your religious beliefs where you disclose it to us (for example if it relates to any medical treatment you are having).
  • Criminal convictions data where we carry out anti money laundering and fraud checks.

How and why we use your Personal Information

We use your Personal Information to:

  • Assess and process your insurance application;
  • Administer a policy;
  • Process any claims you may make;
  • Send you information regarding your policy;
  • Provide improved quality, training and security;
  • Carry out market research;
  • Comply with applicable laws and regulatory obligations;
  • Establish and defend legal rights;
  • Prevent, detect and investigate crime, including fraud;
  • To carry out fraud, credit and anti-money laundering checks;
  • To conduct sanction checks;
  • For business purposes such as management information, internal audit, reviewing products, systems development, accounting records, responding to enquiries, maintaining records of communications, enforcing compliance with our terms and providing quality training and security
  • To handle complaints.

We collect, use and disclose your Personal Information for the purposes set out above. For each purpose, we must have a legal ground to use your Personal Information.

When we process your Personal Information we will rely on the following legal grounds:

  • Such use is necessary to enter into or perform your contract of insurance. We rely on this legal ground in order to assess and process your application, administer a policy, handle claims and provide insurance services.
  • We have a legitimate interest which is not overridden by your rights or interests. We rely on this legal ground to manage our business; where you are a named party under a policy - to assess and process the application, administer the policy and handle claims and provide insurance services; respond to enquiries; maintain records of communications; enforce compliance with our terms.
  • Such use is necessary to comply with our legal obligations. We rely on this legal ground to prevent, detect and investigate crime, including fraud and to comply with applicable laws and regulatory obligation (for example where our regulator or law enforcement authorities require us to do something such as keeping records of our dealings with you and to conduct sanctions checking). 

  • We have obtained your consent. We rely on this legal ground for any direct marketing communications.

When we process your 'special category data' we must have an additional legal ground. We will rely on the following legal grounds:

  • Such use is necessary for an insurance purpose. We rely on this legal ground in order to advise and arrange your contract of insurance, assess and process your insurance application, administer your policy and handle claims under an insurance policy.
  • We need to establish, exercise or defend our legal rights. We rely on this legal ground in order to handle complaints, to prevent, detect and investigate crime, including fraud or to comply with applicable laws and regulatory obligations.
  • It is in the substantial public interest to comply with regulatory requirements relating to unlawful acts and dishonesty. We rely on this legal ground in order to comply with applicable laws and regulatory obligations for example where our regulator or law enforcement authorities require us to do something or to keep records of our dealings with you and to prevent, detect and investigate crime.
  • It is in the substantial public interest to prevent or detect unlawful acts (where we suspect fraud). We rely on this legal ground to prevent, detect and investigate crime, including fraud and to comply with applicable laws and regulatory obligations for example where our regulator or law enforcement authorities require us to do something or to keep records of our dealings with you.
  • We have your explicit consent.

We will not share your Personal Information with any third parties for any purpose other than those described above. For example, we will not sell Personal Information to third parties that may wish to market their products and services to you.

Sharing your Personal Information

We may disclose Personal Information we collect to other organisations as detailed below. The organisations to whom we disclose Personal Information are obligated to use such information only for the purposes stated above. Disclosures may be made to the following third parties: s

  • Third parties involved in the administration of a policy such as our reinsurer or brokers.
  • Third parties who brand and sell our insurance policies.
  • Third party administrators who we use to assist with the administration of a claim such as claims handlers, loss adjustors and independent medical advisers.
  • Third parties who provide sanctions checking services, anti-fraud and credit checks.
  • Financial crime and fraud detection agencies.
  • Service Providers such as legal advisers, fraud investigators, the police and various Government agencies) and distributors of our products. In all cases, we will require service providers to whom we provide Personal Information to comply with our Privacy Policy and to use the information solely for the purposes for which we have retained them. Disclosure of Personal Information to these service providers is done to help us better serve you.
  • Our group companies.
  • Other insurers, regulators and industry/public bodies.
  • Any third parties in the event of a sale, merger, reorganisation, transfer or dissolution of the business.
    • Disclosure of your Personal Information to the parties listed above, may involve the transfer of such information to other countries, including those outside of the EEA (see section “International transfers of Personal Information” below).

      Security of collected information

      We maintain strict physical, electronic, and administrative safeguards in accordance with applicable standards to protect your Personal Information from unauthorized or inappropriate access and prevent the loss or misuse of your Personal Information. We restrict access to Personal Information to employees and service providers who need to know the information for the purposes set out in this Privacy Policy.

      E-mail communications outside of our website may not be protected. If you are sending us an e-mail communication that includes highly confidential information, such as a credit card number, you may want to call us or send it by registered post.

      We have deployed an adequate procedure to identify and communicate any incident of data breach within 72 hours and to resolve it within a reasonable period of time.

      Retention of Personal Information

      Your Personal Information shall be retained as long as needed for the purposes specified in this Privacy Policy and will depend on your relationship with us and the type of Personal Information we hold about you. In certain circumstances we will need to retain some Personal Information following the end of our relationship with you, especially in order to resolve any potential disputes and for ongoing or prospective legal proceedings, to maintain records of our services, or to otherwise comply with our legal obligations and defend our legal rights.

      We undertake to keep your Personal Information safe, confidential, accurate and efficient for the relevant usage duration period.

      At the end of the retention period, your Personal Information will be anonymized or destroyed.

      International transfers of Personal Information

      Due to the global nature of our business, we may need to transfer Personal Information to our group companies or third parties located in other countries for the purposes set out in this Privacy Policy. In such a case, we will ensure your Personal Information is given a similar level of protection as required under data protection law in your country of residence and we will ensure that we take adequate steps to ensure that your Personal Information is protected such as:

      • entering into contractual obligations with the party we are transferring your Personal Information to;
      • transferring to countries which have been deemed 'adequate' by data protection authorities; or
      • complying with 'binding corporate rules' which are a set of rules approved by the Information Commissioner's Office which allow Lighthouse group companies to transfer Personal Information between themselves.

      Third party websites

      We are not responsible for the content, security or information collection practices of any third party websites, including those that you link to from our website. You should carefully review the privacy policies of each web site you visit to understand how they collect, use, and disclose information.

      Your legal rights

      In accordance with data protection laws, you have a right to:

      • Obtain a copy of the Personal Information we hold about you, together with other information about how we process it;
      • Request rectification of inaccurate or incomplete Personal Information, and, in some circumstances, to request us to erase or restrict our use of it, or otherwise to object to our processing of your Personal Information for direct marketing purposes; 

      • Receive a copy or have a copy transmitted to another company (portability of data) (in a machine-readable format) of Personal Information which you have provided to us;
      • Make a complaint about how we handle your data to the Information Commissioner's Office. Please visit www.ico.org.uk for further information about how to do this.
      • Withdraw any consent which you have given relating to use of your Personal Information, at any time. This includes consents to receiving direct marketing communications.

      Note that there are certain limitations and exemptions to these rights which we may apply depending on the circumstances.

      To exercise any of these rights, please contact us using the details set out in the 'contacting us' section.

      Contacting Us

      If you have any questions about this Privacy Policy or you want to exercise your rights regarding data protection: Data Protection Officer.

      Changes to this Policy

      Please check this Privacy Policy periodically to inform yourself of any changes. Although we reserve the right to modify or supplement this Privacy Policy, we will provide notice to you on this website of any major changes for at least 30 days following the change.