Hiscox is committed to protecting your privacy. This fair processing notice (this ‘notice’) sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this notice carefully. When using a Hiscox website, this notice should be read alongside the website terms and conditions.
Hiscox is an international insurance business. We offer insurance to individuals, companies and other insurers. We do this both by providing insurance ourselves and by placing insurance with other insurers.
We need to collect and process data about our investors and certain other corporate third parties such as analysts and journalists. This makes the relevant Hiscox company a ‘data controller’. In this notice we use ‘we’ or ‘us’ or ‘Hiscox’ to refer to the organisation acting as data controller of your information.
The specific organisations for Hiscox are:
- Hiscox Ltd, company number 38877, registered address: Chesney House, 96 Pitts Bay Road, Pembroke HM 08 Bermuda.
- Hiscox Underwriting Group Services Limited, company number 04137419, registered address: Hiscox, 22 Bishopsgate, London EC2N 4BQ.
- Hiscox S.A., company number B217018, registered address: 35 Avenue Monterey L-2163, Luxembourg.
The specific company acting as a data controller of your personal information will be listed in the documentation we provide to you. If you are unsure you can also contact us at any time by emailing us at [email protected], or by post to the Data Protection Officer, Hiscox, 22 Bishopsgate, London EC2N 4BQ.
The personal information that we collect will depend on your relationship with us. We will collect different personal information depending on whether you are a Hiscox shareholder, analyst, journalist or another third party.
Please click on the relevant section below for detailed information about the types of personal information we are likely to collect and use about you in different circumstances.
This section will apply if you are a prospective shareholder of Hiscox.
- General information such as your name, and contact details.
- We will not collect any sensitive personal information about prospective shareholders.
We will collect information directly from you and from the following third parties:
- third parties involved in the purchase of shares;
- financial institutions or advisors (such as banks) who act as intermediaries to the share purchase;
- investment managers and stockbrokers;
- online trading platforms;
- third-party administrators and suppliers we appoint to help us carry out our everyday business activities including IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our sub-contractors and tax advisers; and
- our own websites.
We may use your information for a number of different purposes. For each purpose we must have a ‘legal ground’ to use your personal information in such a way.
- We need to use your personal information to enter into a contract that we hold with you. For example, we need to use your personal information to enter into your share purchase agreement.
- We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
- We have an appropriate business need (sometimes call a ‘legitimate interest’) to use your personal information. We will rely on this for activities such as maintaining our business records.
- You have provided your consent to our use of your personal information.
You will find further details of our ‘legal grounds’ for each of our processing purposes set out below.
| Purpose for processing | Legal grounds for using your personal information |
| To comply with our legal or regulatory obligations to maintain updated statutory books with a full list of shareholders. | We have a relevant legal obligation to maintain up-to-date statutory books. |
| To communicate with you in relation to your shares and notify you of Annual General Meetings. |
|
| To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys). | We have an appropriate business need (to effectively manage our business and communicate with our shareholders). |
From time-to-time, we may share your personal information with the other companies in our Group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below for the purposes set out above.
If you would like further information regarding the disclosures of your personal information, please contact us using the details set out in section 10 below.
Where relevant, we will share your personal details with:
- other companies in the Hiscox Group, including where:
- necessary for our business administration purposes;
- we need to report information within our Group of companies.
- our regulators;
- the police and other third parties (such as banks or other insurance companies);
- our third-party service providers, such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers and tax advisers;
- selected third parties in connection with any sale, transfer or disposal of our business; or
- where necessary, courts and other alternative dispute resolution providers (such as arbitrators and mediators).
We may use your information for a number of different purposes. For each purpose we must have a ‘legal ground’ to use your personal information in such a way.
- We need to use your personal information to perform a contract that we hold with you. For example, we need to use your personal information to administer into your share purchase agreement.
- We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
- We have an appropriate business need to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.
You have provided your consent to our use of your personal information.
This section will apply if you are a current shareholder of Hiscox.
General information such as your name, address and contact details.
- Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found www.hiscoxgroup.com/site-tools/cookies-policy.
We will not collect any special category data from shareholders.
We will collect information directly from you and from the following third parties:
- third parties involved in the purchase of shares;
- financial institutions or advisors (such as banks) who act as intermediaries to the share purchase;
- investment managers and stockbrokers;
- online trading platforms;
- third-party administrators and suppliers we appoint to help us carry out our everyday business activities including IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our sub-contractors and tax advisers; and our own websites.
We may use your information for a number of different purposes. For each purpose we must have a ‘legal ground’ to use your personal information in such a way.
- We need to use your personal information to perform a contract that we hold with you. For example, we need to use your personal information to administer into your share purchase agreement.
- We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
- We have an appropriate business need to use your personal information. We will rely on this for activities such as maintaining our business records, training and quality assurance, and developing and improving our products and services.
You have provided your consent to our use of your personal information.
| Purpose for processing | Legal grounds for using your personal information |
| To comply with our legal or regulatory obligations to maintain updated statutory books with a full list of shareholders. | We have a relevant legal obligation to maintain up to date statutory books. |
| To communicate with you in relation to your shares. |
|
| To provide improved quality, training and security (for example, through recorded or monitored phone calls to our contact numbers, or carrying out customer satisfaction surveys). | We have an appropriate business need (to effectively manage our business and communicate with our shareholders). |
| To enable us to manage our business operations, such as by maintaining accounting records, carrying out analysis of financial results, using information to meet internal audit requirements, and receiving professional advice (e.g. tax or legal advice). |
|
| To buy or sell Group companies or to restructure our business. |
|
From time-to-time, we may share your personal information with the other companies in our Group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below for the purposes set out above.
If you would like further information regarding the disclosures of your personal information, please contact us using the details set out in section 8 below.
Where relevant, we will share your personal with:
- other companies in the Hiscox Group, including where:
- necessary for our business administration purposes;
- we need to report information within our Group of companies;
- our regulators;
- the police and other third parties (such as banks or other insurance companies);
- our third-party service providers, such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers and tax advisers;
- selected third parties in connection with any sale, transfer or disposal of our business; or
- where necessary, courts and other alternative dispute resolution providers (such as arbitrators and mediators).
If you are a journalist, this section will be applicable to you.
- General information such as your name and contact details.
- Information about your job including job title.
We will not collect any sensitive personal information.
- publically available sources such as internet search engines, news articles and social media sites;
- third-party administrators and suppliers we appoint to help us carry out our everyday business activities including IT suppliers, auditors, lawyers, document management providers, outsourced business process management providers, our sub-contractors and tax advisers; and
- our own websites
We may use your information for a number of different purposes. For each purpose we must have a ‘legal ground’ to use your personal information in such a way.
When the information that we process is classed as ‘sensitive personal information’, we must have a specific, additional ‘legal ground’ to process such information.
- We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you.
- We have an appropriate business need to use your personal information. We will rely on this for activities such as issuing press releases, managing events and maintaining our business records.
- You have provided your consent to our use of your personal information.
When the information that we process is classed as ‘sensitive personal information’, we must have an additional ‘legal ground’. We will rely on the following legal grounds when we process your ‘sensitive personal information’:
- We need to use your sensitive personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third-party brings against you.
- We need to use your personal information to prevent or detect crime and there is a substantial public interest in such use. This might happen when we are investigating allegations of insurance fraud.
- You have provided your explicit consent to our use of your sensitive personal information.
You will find further details of our ‘legal grounds’ for each of our processing purposes set out below.
| Purpose for processing | Legal grounds for using your personal information |
| To issue press releases. | We have an appropriate business need (to promote our business and issue news updates) |
| To invite you to meetings and events. | We have an appropriate business need (to promote our business and invite you to events). |
| To enable us to manage our business operations, such as by maintaining accounting records, carrying out analysis of financial results, using information to meet internal audit requirements, and receiving professional advice (e.g. tax or legal advice). |
|
From time-to-time, we may share your personal information with the other companies in our Group or with third parties. We will keep your personal information confidential and only share it with the third parties listed below for the purposes explained above.
If you would like further information regarding the disclosures of your personal information, please contact us using the details set out in section 8 below.
Where relevant, we will share your personal with:
- other companies in the Hiscox Group, including where:
- necessary for our business administration purposes; or
- we need to report information within our Group of companies;
- other press agencies where you are working on a joint press release;
- travel operators where we are organising your travel arrangements;
We do not use analyst, journalist or other third-party information for marketing purposes
We will only keep your personal information for the minimum periods required in order to fulfil the relevant purposes set out in this notice.
We are also required to keep certain information in order to comply with our legal and regulatory obligations.
The exact time period will depend on your relationship with us and the type of personal information we hold.
If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 8.
We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area (‘EEA’). Where we make a transfer of your personal information outside of the EEA we will take the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect your personal information to adequate standards.
For example, from time-to-time, we may have our US service provider send out press releases.
If you would like further information regarding the steps we take to safeguard your personal information, please contact us using the details set out in section 8.
We use a range of organisational and technical security measures to protect your information, including firewalls and access controls, which we review periodically. We also ensure that our employees receive appropriate data security training.
Under data protection law you have certain rights in relation to the personal information that we hold about you. There will not usually be a charge for dealing with these requests. You may exercise these rights at any time by contacting us using the details set out in section 8.
We are also required to keep certain information in order to comply with our legal and regulatory obligations.
Please note:
- the rights set out below do not apply in all circumstances;
- in some cases we may not be able to comply with your request (for example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements). However, we will always respond to any request you make and if we can't comply with your request, we will tell you why.
Your rights include:
You are entitled to a copy of the personal information we hold about you and certain details of how we use it.
Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it
In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or, where we are relying on consent as our legal ground, you withdraw your consent. However this will need to be balanced against other factors. For example, we may have legal and regulatory obligations which mean we cannot comply with your request
In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.
In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to another third-party of your choice.
You can ask us to stop sending you marketing messages at any time. You can do this either by clicking on the ‘unsubscribe’ button in any email that we send to you or you can contact us using the details set out in section 8. Please note that even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.
We do not currently carry out automated decision-making. However, if in the future we do, you will have a right to object to an automated decision in certain circumstances.
Where we process your personal information based on our appropriate business needs, you can object to such processing. In such cases, we will assess your objection against our business needs
For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.
You have a right to complain to the Information Commissioner's Office (ICO) if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/.
Making a complaint will not affect any other legal rights or remedies that you have.
If you would like further information about any of the matters in this notice or have any other questions about how we collect, store or use your personal information, you may contact us by emailing [email protected].
From time-to-time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. Where we make substantial changes to this notice we will provide you with an updated copy. You can also check our website https://www.hiscoxgroup.com/site-tools/privacy periodically to view the most up-to-date notice.
This notice was last updated on: 21 Feb 2024.
We are committed to protecting your privacy.
