1      Introduction

At Leap Guaranty LTD., we collect, use and process personal data on individuals, including the following individuals who are covered by this Privacy Notice (“Notice”):

• (prospective) insured persons, insurance applicants and policyholders (“Insureds”);
• beneficiaries and other persons named in the insurance policy (“Beneficiaries”);
• persons filing a claim under an insurance policy (“Claimants”);
• persons who serve as a witness in light of an insurance claim (“Witness”);
  • Collectively “Insurance Contacts”;

• individuals working for one of our business partners (“Business Contacts”);

• individuals who otherwise interact with us online or offline, for instance by visiting our offices
• or filing a general request for information via our website (“General Contacts”);

• individuals who use and visit our website (“Website Visitors”).

This Notice does not apply to Leap Guaranty LTD.  employees, job applicants, insurance brokers and agents or our Members (as defined below).

Leap Guaranty LTD.  takes its responsibility to protect your personal data. In that respect, we are committed to handle your personal data in accordance with all applicable data protection laws and be transparent as to how we collect, process and share that data.

This Privacy Notice is designed to inform you how Leap Guaranty LTD. , its subsidiaries and affiliates collect and use personal data when providing services as an insurance business. It explains how, why and when we collect, use, retain and disclose your personal data, as well as your own rights in relation to that data.

 

2       Who are we?

Leap Guaranty LTD.  consists of different legal entities pertaining to Leap Guaranty LTD., the details of which may be found here.

Leap Guaranty LTD.  is an insurance underwriting group. As part of our core activities, we underwrite insurance business via delegated authority. For this purpose, we work through a network of business relationships established with Insurance Market Participants (our Members) who we may rely upon to underwrite, administer policies, and adjudicate claims on our behalf.

For the purpose of this Privacy Notice and the General Data Protection Regulation 2016/679, including as transposed into UK law (“GDPR”) the following Leap Guaranty LTD.  entities act as controller and are responsible for the processing of your personal data:

• If you are an Insurance Contact, the relevant Leap Guaranty LTD. entity that underwrites the insurance policy that relates to you;
• If you are a Business Contact or General Contact, the relevant Leap Guaranty LTD. entity who you are in contact with acts as controller of your personal data.
• If you are a Website Visitor, Leap Guaranty LTD. Insurance Ltd. acts as controller for your personal data.

To consult these Leap Guaranty LTD.  entities’ contact details, please click here.

In a number of instances, we do not collect the data from you directly (see Section 6: Where Do We Get Your Personal Data From?).

3       What types of personal data do we process?

The personal data we process depends on your relationship with Leap Guaranty LTD.  as set out above and whether collection is permitted by applicable law. We collect and process the following categories of personal data from you:

Categories of Personal Data	Relationship with Leap Guaranty LTD.
Website usage data and related identifiers such as technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, and operating system and platform. Personal data collected by us also may automatically include information about your visit, including the full Uniform Resource Locators (URLs); clickstream to, through and from our site (including date and time); what you viewed or searched for; page response times; download errors; length of visits to certain pages; page interaction information (such as scrolling, clicks and mouse-overs); and methods used to browse away from the page. Please refer to our Cookie Policy for more information about how we use cookies.	Website Visitors
Individual details – name, address, gender, marital status, date of birth, nationality, marketing preferences, vehicle details, penalty points, and family details, including their relationship to you. Contact details, as well as further individual information about you in relation to a claim being made under a policy of insurance such including special categories data – such as medical / health information or criminal history – if the nature of the claim necessitates this. Identification details – identification numbers issued by government bodies or agencies, such as your social security number, passport number, tax identification number and driving licence number. Employment history – including information on your previous and current employer, job title, salary, employment benefit option, professional licences and educational/professional qualifications. Financial information – such as bank account or payment card details, income, investment or other financial information including home valuation and household income. Policy/Contractual information – such as details about quotes you receive and policies you hold and with whom you hold them. Fraud and credit related data – such as credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you Risk coverage details –information necessary to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data. For certain types of policies, this could also include telematics data. Previous and current claims – Information about previous and current claims (including other related insurances), which may include data relating to your health, criminal convictions, or other special categories of personal data and, in some cases, surveillance reports. Special categories of personal data and criminal convictions data – data concerning your health and criminal offences and convictions data.	Insureds Beneficiaries Claimants
Contact details, as well as further individual information about you in relation to a claim being made under a policy of insurance such including special categories data – such as medical / health information or criminal history – if the nature of the claim necessitates this.	Witnesses
Professional information and contact details such as information about your employer, your position/title and your professional contact details.	Business Contacts
Visual information such as images collected from security cameras in our offices and basic contact details for visitor registration purposes such as your name, relevant professional information and contact details.	General Contacts
Your marketing preferences.	Website Visitors Business Contacts General Contacts
Inferences drawn from the above-referenced categories of information to assess risk.	All Insurance Contacts
Any other information you voluntarily share with us e.g. when you contact our customer service or otherwise engage with us.	Website Visitors All Insurance Contacts Business Contacts General Contacts

 

We only process your special category and/or criminal personal data where strictly necessary. When we do, we (or our Members) will ask for your explicit consent where such is required in accordance with applicable data protection law, or we rely on a specific authorization in law that allows us to process this data.

4       What happens if you do not provide us with
your personal data?

Depending on the capacity in which you interact with us as set out above, i.e. as a Website Visitor, Insurance Contact, Business Contact or General Contact, we need to process your Personal Data for different purposes (see Section 6: Why do we process your personal data?) including to respond to your inquiry, communicate with you, handle claims, assess risk and make decision in regard to your insurance policy application.

If we are not provided with your personal data, we are unable to undertake these activities and this may result in, e.g., us being unable to communicate with you or your insurance application being denied because we are unable to assess the risk involved.

5       Why and on what legal grounds do we
process your personal data?

We will only use and process your personal data where we have a purpose and a legal ground to do so (where this is required under applicable data protection law). We use and process your personal data for the purposes and legal bases set out below, depending on your relationship with us and whether the processing is permitted under applicable law:

Purpose	Relationship with Leap Guaranty LTD.	Legal Ground
To consider an application for an insurance policy, assess and evaluate risk, determine the scope, risk coverage and premium of the policy and where applicable, provide you with insurance cover and any associated services. To manage and administer contracts including or with regard to insurance policies (including dealing with your queries) with you, your employer, our service providers, and our Members. To manage and administer claims under an insurance policy, including assessing and evaluating the merits of a claim and, where relevant to pay a settlement. To monitor risks and claims by performing spot checks. To perform data analysis, draw up insurance-specific statistics and risk qualifications, and to otherwise improve our insurance and underwriting products and services and carry out market research and risk modelling. To comply with our legal and regulatory obligations as an insurance company, including responding to requests from public authorities and fraud and money laundering prevention.	Insureds Beneficiaries Claimants	The processing of your personal data is necessary to perform a contract to which you are a party (the insurance policy) or to take steps prior to entering into a contract with you (Art. 6(1)(b) GDPR). The processing of your personal data is necessary for us to comply with legal and regulatory obligations (Art. 6(1)(c) GDPR). The processing of your personal data is necessary to support our legitimate interests in managing our business (or those of a third party), in particular to administer insurance policies and applications, claims and assess risk (Art. 6(1)(f) GDPR).
To manage and administer claims under an insurance policy, including assessing and evaluating the merits of a claim and, where relevant to pay a settlement.	Witnesses	The processing of your personal data is necessary to support our legitimate interests in managing our business (or those of a third party), including to administer claims (Art. 6(1)(f) GDPR).
Communicating with you and responding to your queries and complaints, providing you with information about our business upon your request, offering you customer service, and operating, securing and improving our website.	Website Visitors	We have a legitimate interest to operate our website and communicate with you upon your request (Article 6(1)(f), GDPR).
Contact you with respect to products and/or services offered by us which we believe may interest you (including direct marketing).	Insureds Claimants Website Visitors General Contacts	We have a legitimate interest to communicate with you upon your request and send you direct marketing for related products or services (Article 6(1)(f), GDPR) Depending on your location, we may also ask for your consent prior to sending you direct marketing
Carrying out audits and investigations, and to investigate and resolve complaints, grievances or misconduct	Website Visitors Insurance Contacts Business Contacts General Contacts	We have a legitimate interest to manage our business and to ensure that all investigations and proceedings are managed efficiently and effectively (Article 6(1)(f), GDPR) We have a legal obligation to do so (Article 6(1)(c), GDPR)
Preparing for and acting in relation to enquiries, investigations or proceedings, by governmental, administrative, judicial or regulatory authorities, including civil litigation. Complying with our legal and regulatory obligations including the prevention and detection of fraud, money laundering and other crimes.	Website Visitors Insurance Contacts Business Contacts General Contacts	We have a legitimate interest to manage our business and to ensure that all investigations and proceedings are managed efficiently and effectively (Article 6(1)(f), GDPR) We have a legal obligation to do so (Article 6(1)(c), GDPR)
In connection with a potential asset or stock acquisition of Leap Guaranty LTD. , or the outsourcing or insourcing of services provided by employees, providing reasonable diligence material to a third party or meeting any disclosure obligations as required by law.	Website Visitors Insurance Contacts Business Contacts General Contacts	We have a legitimate interest to manage our business (Article 6(1)(f), GDPR)
Securing our offices and workplace environment.	General Contacts	We have a legitimate interest to secure and protect our offices and business by taking measures such as visitor registration and CCTV security (Article 6(1)(f), GDPR) We have a legal obligation to do so (Article 6(1)(c), GDPR)

 

If you are in the European Economic Area (“EEA”) or the UK, You have a right to object to the processing of your personal data where that processing is carried out for our legitimate interests. Please note however that we may not be able to fulfil this request in all instances.

Before relying on legitimate interests as a legal basis, Leap Guaranty LTD.  performed a legal assessment to confirm that your rights do not override its legitimate interests. You can request further details on this assessment by contacting us using the contact details listed in Section 14: Contact details.

6       Where do we get your personal data from?

The source from which we get your personal data will always depend on your specific circumstances.

In most cases, we obtain your personal data from Insurance Market Participants (i.e. our Members) and other third parties such as your insurance agent or broker. 

On occasion, we may also receive/collect your personal data directly from you, such as when you are a Website Visitor or where you are otherwise in direct contact with us. We may also receive your personal data from  the following sources:

• Persons and companies you are affiliated with or related to including your family members, employer or representative;
• Credit reference agencies;
• Reinsurance companies and other third party insurance companies with whom you have, had, are applying for, or have filed a claim under an insurance policy;
• Anti-fraud databases (such as Claims and Underwriting Exchange (CUE) and Motor Insurance Anti-Fraud Theft Register (MIAFTR) databases), sanctions lists, court judgements and other public databases;
• Government agencies (such as the Driver and Vehicle Licensing Agency and HM Revenue and Customs);
• Open electoral registers and other publicly available registers such as company registers;
• Supervisory, regulatory and other public authorities;
• In the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjustors, external counsel, and claims handlers;
• Service providers such as organizations operating our website; and
• Other public and non-public sources including information that is publicly available online.

7       Automated decision-making including
profiling

Automated decision-making is a process whereby decisions, with effect on an individual, are made using automated computing means (i.e., without involvement of a human). Profiling is an automated process whereby personal data is processed to evaluate certain personal aspects of an individual to analyse or predict behaviour or aspects.

As explained above in Section 6: Why and on what legal grounds do we process your personal data? Leap Guaranty LTD.  performs data analytics to establish risk patterns and categories using its InsightFull platform. Leap Guaranty LTD.  offers this platform to our Insurance Market Participants, who, when calculating risk and insurance premiums and where such is permitted by applicable law, compare your personal data against these industry averages and patterns. This insurance specific exercise is considered profiling and/or automated decision-making and is necessary to enter into a contract with you – to confirm that the premium amount reflects and adequately matches the associated risk – and/or authorized under applicable law. As a result of these profiling activities, you may be offered a different insurance policy and/or premium, or even be refused insurance.

Profiling may also be used by our Insurance Market Participants to assess information relating to you, to identify and have a good understanding of fraud patterns. Where special categories of personal data are relevant, such as medical history or past criminal convictions for certain types of insurance, such special categories of personal data may also be used for profiling. However in this case we ask for your prior explicit consent unless we can rely on a basis in applicable law to process this data for profiling purposes.

Please reach out to us using the contact details in Section 13:Contact Details below if you want to receive more information.

8       Retention of your personal data

We will retain your personal data only for as long as is necessary for the purpose for which it was originally obtained, to comply with our legal and regulatory obligations, and to defend our rights, and always in line with the data retention periods set forth in the laws and regulations applicable to us.

9       Who do we share your personal data with?

We share your personal data with other Leap Guaranty LTD.  affiliates. Leap Guaranty LTD.  employees only have access and process your personal data on a “need to know” basis, i.e. only where such access and processing is necessary for such employees to performs the tasks and responsibilities allocated to them.

We also share your personal data with the following categories of third parties:

• Our service providers (e.g. IT vendors supporting our information security and technology, external counsel and other legal advisors, consultants, auditors, website and data hosting providers, marketing agencies, accountants, etc.);
• Governmental authorities including our supervisory regulatory authorities and law enforcement agencies;;
• Our Insurance Market Participants (Members)
• Contractors, brokers or financial institutions; and

Other third parties (i) upon your request; (ii) to protect and defend our rights and properties; (iii) to detect and/or prevent fraud or money laundering (including Claims and Underwriting Exchange (CUE) and Motor Insurance Anti-Fraud Theft Register (MIAFTR)); (iv) in the event of a sale, merger or reorganization of our assets or other restructuring; and/or (v) where we are, or believe in good faith that we are, under a legal obligation to share your data.

10  International data transfers

The recipients who we share your personal data with, as mentioned in Section 10: Who do we share your personal data with? may be located outside the European Economic Area (“EEA”) and the UK in jurisdictions that do not offer an adequate level of data protection, which means that local laws may provide for a lower standard of protection for personal data than is applicable within the EEA/UK.

We only transfer your personal data to these jurisdictions in compliance with applicable data protection law and transfer restrictions, and we implement appropriate safeguards where required. For example, if we transfer your personal data to other Leap Guaranty LTD.  companies located outside the EEA/UK, we rely on the EU Commission Standard Contractual Clauses (“SCCs”) (amended for use in the UK as appropriate) (Art. 46(2)(c) GDPR). Where your personal data is transferred to another recipient outside of the EEA/UK we will seek to enter into SCCs with the recipient, seek assurances from the recipient that they have Binding Corporate Rules in place (Art. 46(2)(b) GDPR) or, in exceptional circumstances, rely on a derogation under applicable data protection law (Art. 49 GDPR) (e.g., where the transfer is necessary for the defence of legal claims). Further, where there is a direct transfer of Personal Data from you as an individual to us or one of these recipients outside the EEA/UK we rely on the household exemption where this is available under applicable data protection law.

If you are in the EEA/UK, you may obtain more information with regard to the transfer mechanism used by contacting us using the contact details below.

If you are in the EEA/UK and would like to receive further details on the safeguards implemented for the transfer of your personal data, you may contact our Data Protection Team using the contact details reflected under Section 13: Contact Details below.

11  Your rights

As a data subject in the EEA/UK, you have rights with respect to the processing of your personal data under our control as follows:

• Access your personal data – You may ask us what personal data we process and request copies of such personal data.
• Rectification of personal data – You may ask us to rectify or update personal data that is inaccurate or incomplete
• Erasure of personal data – You may ask us to delete your personal data in certain instances;
• Restriction of processing – Under certain circumstance (such as when you question the accuracy of the personal data we hold on you or the lawfulness of its processing) you may request us to stop processing such data until your request is resolved.
• Data portability – in certain cases, you may ask us to send an electronic copy of your personal data directly to you or to another organization
• Object – You may object to any processing of your personal data, including profiling, based on the ground of legitimate interest.
• Withdraw – where processing of your personal data is based on your consent – you may at any time withdraw your consent however this will not affect any processing we did before withdrawal;

Please note that in addition to the above mentioned limitations to your rights, other limitations to the above rights may apply, for instance to safeguard the public interest (e.g., the prevention or detection of crime).

You also have the right to lodge a complaint about the processing of your personal data with the competent data protection authority which typically would be the supervisory authority of the country you are located in. To consult a full list of all EU data protection authorities, please click here. To consult the UK data protection authority’s contact details please click here.

In order to exercise the above listed rights, please contact our Data Protection Team using the contact details reflected under Section 13: Contact Details below.

12  Contact details and DPO

For all details regarding compliance with data protection laws, please contact our Group Data Protection Officer (“DPO”) by using the following contact details:

Postal Address:

Group Data Protection Officer

Bastion Tower – Floor 12

Place du Champ de Mars 5,

1050 Elsene,

Belgium

Email: DPO@accelins.com

13   Key
terms

Term	Meaning
Insurance Market Participants	Managing General Agents and Third Party Administrators or our “Members”.
Personal data	Any information relating to an identified or identifiable person i.e. who can be directly or indirectly identified
Special categories of data	Certain categories of personal data, which have additional protection under the GDPR. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation.
We, us	Leap Guaranty LTD. companies
You, your	Website Visitors, Insurance Contacts, Business Contacts and General Contacts.