Business Privacy Notice

Protecting your privacy is very important to us.

We are committed to:

  • protecting personal data that we receive when we provide our services to clients.
  • maintaining transparent practices and explaining how we collect, process, and share that data.

This Business privacy notice explains how and why  PartnerRe Ltd,  its subsidiaries and affiliates (“PartnerRe”, “we” or “us“) collect and use personal data  when we provide our services as a reinsurance business. A full list of all PartnerRe entities is available at https://partnerre.com/offices/.

In this privacy notice:

you or your, refers to

  • the individual whose personal data may be/is being processed by us (e.g. the insured/policy holder, beneficiary, claimant or other person involved in a claim or relevant to a policy).
  • the individual acting as as or working for a business partner (“Business Partner’s Employee”).

There are other terms in bold with specific meanings. Those meanings can be found here.

1. WHO IS PARTNERRE?

PartnerRe Ltd. is a leading global reinsurer that helps insurance companies reduce their earnings volatility, strengthen their capital and grow their businesses through reinsurance solutions. Risks are underwritten on a worldwide basis through the PartnerRe‘s three segments: P&C, Specialty, and Life and Health.

2. WHAT IS (RE)INSURANCE?

Reinsurance is insurance that is purchased by an insurance company. In the classic case, reinsurance allows insurance companies to remain solvent after major claims events, such as major disasters like hurricanes and wildfires. The company that purchases the reinsurance policy is called a “ceding company” or “cedent” or “cedant” under most arrangements. The company issuing the reinsurance policy is referred simply as the “reinsurer“.When a reinsurer purchases insurance from a further reinsurer, this is called retrocession and the further reinsurer is referred to as the retrocessionaire.

In order to obtain reinsurance or retrocession, information, including your personal data, needs to be shared between different insurance market participants.

PartnerRe is committed to safeguarding that information.

3. APPLICATION OF LOCAL LAWS

This privacy notice is designed to provide compliance with the EU General Data Protection Regulation.

Where relevant applicable local regulations require stricter standards than those described in this privacy notice, we will ensure compliance with those stricter standards.

If applicable law provides for a lower level of protection of personal data than that established by this privacy notice, then this privacy notice shall prevail.

4. WHAT DATA MAY WE COLLECT ABOUT YOU (YOUR PERSONAL DATA) ?

The type of personal data we may collect and process may include any of the below (where permitted by law):

Types of Personal Data Details
Individual
details ►
Name, address (including proof of address), other contact details (e.g. email addresses and telephone numbers), gender, marital status, date and place of birth, age, nationality, height and weight, leisure activities and interests
Your family health or morbidity history, number of children and name, age and gender of children, your dwelling type
Identification details ► Identification numbers issued by government bodies or agencies, including your social security number (or local equivalent), passport number, tax identification number and driving license number
Employment and experience information ►Your employment history, employer, job role, salary, employment benefit options, educational background and any professional licenses and qualifications
Financial information ► Bank account or payment card details, income, investment/savings or other financial information including household income, home valuation and household demographics
Risk
details ►
Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data. For certain types of policy, this could also include telematics data.
Policy
information ►
Information about the quotes you receive and policies you take out
Credit and anti-fraud data ► Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you
Previous and current claims ► Information about previous and current claims, (including other unrelated insurances),which may include data relating to your health, criminal convictions (but only where it is lawful to collect this data), or other special categories of personal data and in some cases, surveillance reports
Special categories of personal data ► Certain categories of personal data which have additional protection under the GDPR. The categories are health (such as your and your family medical history, genetic test results and information, prescription history, death certificate and reports on medical diagnoses, tests and treatment), criminal convictions (but only where it is lawful to collect this data), racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric (fingerprint and voiceprint), or data concerning sex life or sexual orientation

 

5. WHERE MIGHT WE COLLECT YOUR PERSONAL DATA FROM?

We might collect your personal data from various sources, including:

  • You
  • Your insurer
  • Other insurance market participants;
  • Anti-fraud databases, sanctions lists, court judgements and other public databases;
  • In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers;
  • From third party evidence providers;
  • From healthcare service providers;
  • From financial institutions;
  • From pension processing platforms; or
  • Directly from an individual.

Which of the above sources apply will depend on your particular circumstances.

With the exception of a Business Partner’s employee, we do not normally collect personal data from you directly.  There might be instances where certain tools allow for data supplied by you directly to the insurer to be automatically provided to us. We may also collect personal data if you voluntarily supply it to us, for example by sending us an email.

6. FOR WHAT PURPOSES DO WE USE YOUR PERSONAL DATA?

We may use your personal data:

  • to provide our services and fulfil our contractual obligations to clients and other third parties;
  • to review, process and manage claims;
  • to conduct data analysis, which helps us assess risks, price our products appropriately and improve our services;
  • to carry out background checks and help up prevent and detect fraud, money laundering, terrorism and other crimes;
  • to help research and develop new and improve existing services and products;
  • to operate and expand our business activities;
  • to perform administrative activities in connection with our services;
  • to exercise, defend and protect our legal rights or the rights of our clients or third parties;
  • to comply with legal obligations and to cooperate with regulatory bodies to which we are subject;
  • to audit our business;
  • for books of business transfers, company sales & reorganisations; and
  • for marketing purposes (e.g. newsletters, surveys, clients events, etc.) (for Business Partner’s Employee only).

7. WHAT ARE THE LEGAL BASES ON WHICH WE USE YOUR PERSONAL DATA?

We are committed to processing your personal data fairly and lawfully and only to the extent necessary to achieve the purposes listed above.

We must have a legal basis to process your personal data. In most cases, our ability to obtain and process your personal data is based on one of the following legal bases:

Legal basesDetails
For processing personal data
Compliance with a legal obligation Processing is necessary for compliance with our legal obligation, such as due diligence and reporting obligations, and responding to requests from our regulators.
For our legitimate business interests Processing is necessary to meet our legitimate interests and the legitimate interests of our clients for example to provide our services to clients, to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records.

 

For processing special categories of personal data
Your explicit consent  Where consent is legally required to process special categories of your personal data, your insurance provider (or the organization that collected your personal data) will obtain consent from you.

You are free to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal by contacting the organization that collected your personal data. Withdrawal of this consent may however prevent us from continuing to provide the services to the insurance market participant and thus indirectly to you.

For legal claims Processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity.
Local law authorization Processing is otherwise authorized by local law.
For statistics ►Processing is necessary for compiling (re)insurance specific statistics, analytics and actuarial calculation (for example for the development of new products, tariffs)

 

8. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

We may share your personal data with third parties under the following circumstances:

  • PartnerRe group companies. We operate as a global business, so we may share your personal data with group companies who may use this data for the purposes described in this privacy notice.
  • Insurance market participants and financial institutions. We may share your personal data with insurance market participants, financial institutions and business partners that use your personal data in connection with the provision of insurance and processing of claims.
  • Service providers. We may share your personal data with service providers that perform services and other business operations for us, for example, IT and analytics providers, medical specialists and hospitals, actuarial service entities, auditors and advisers.
  • Any law enforcement agency, court, regulator, government authority or professional body. We may share your personal data with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
  • Asset purchasers/ mergers and acquisitions. We may share your personal data with any third party that purchases, or to which we transfer, all or substantially all of our assets and business or with whom a restructuration transaction is contemplated. Should such a sale or transfer or restructuration occurs, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this privacy notice.

9.  INTERNATIONAL TRANSFERS

We may need to transfer your personal data to recipients located in countries outside the European Economic Area (EEA). These countries’ data protection laws may not offer the same level of protection for personal data as offered in the EEA.

Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections as EEA data protection laws. In such cases, EU data protection laws allow PartnerRe to freely transfer your personal data to such countries.

If we transfer your personal data to other countries outside the EEA, we will establish legal grounds justifying such transfer, such as model contractual clauses, Binding Corporate Rules, individuals’ consent, or other legal grounds permitted by applicable legal requirements.

For more information on the appropriate safeguards in place, please contact us at the details contained in the “Contact us” section below.

10. RETENTION OF YOUR PERSONAL DATA

We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected and any other permissible, related purpose. Beyond that, we retain personal information for a period of time that reasonably allows us to investigate, commence or defend legal claims brought by or against us or our clients, comply with our regulatory obligations and conduct analysis.

We securely destroy personal data when its retention period has expired. We may retain aggregated or anonymised data (which is not treated as personal information under this privacy notice) for longer.

11. PROTECTION OF YOUR PERSONAL DATA

We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal data we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal dataWe evaluate these measures on a regular basis to ensure the security of the processing.

12. AUTOMATED DECISION MAKING AND PROFILING

Profiling

We might collect your Personal Data and compile the information received about you to analyze and predict aspects concerning your personal characteristics (such as but not limited to risk, behavior, preferences) as an insurance buyer, claimant or beneficiary of an insurance cover. We may automatically process your Personal Data using software.

Automated decision making

We currently do not take any automated decisions that will affect your ability to obtain or claim for insurance cover with our client. Nevertheless, your Personal Data may be used to derive profiles as described above. These profiles may become the basis of automated decision making.

13.  YOUR RIGHTS

If you have any questions in relation to the use of your personal data, or would like to exercise any of the following rights, you should first contact the data protection contact of the relevant participant (as specified under IDENTITIES OF DATA CONTROLLERS SECTION). Under certain conditions, you may have the right to ask us to:

  • provide you with further details on the use we make of your personal data/special category of data;
  • provide you with a copy of the personal data that you have provided to us;
  • update any inaccuracies in the personal data we hold;
  • delete any special category of data/personal data that we no longer have a lawful ground to use;
  • where processing is based on consent, withdraw your consent so that we stop that particular processing.  Withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal but may prevent us from continuing to provide the services to the insurance market participant and thus indirectly to you.
  • object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
  • receive your personal data in a usable electronic format and transmit it to a third party (right to data portability); and
  • restrict how we use your personal data whilst a complaint is being investigated.

In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

14.  YOUR RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights in YOUR RIGHTS SECTION, or if you think that we have breached the GDPR, then you have the right to complain to your local supervisory authority (i.e. the supervisory in the jurisdiction where you live or work) or the supervisory authority of the jurisdiction where you believe an infringement of data protection laws has occurred.  Each supervisory authority may have a difference process for lodging complaints so we encourage you to contact the relevant supervisory authority first to check this.

15.  IDENTITIES OF DATA CONTROLLERS

Important note:
The insurance lifecycle involves the sharing of your personal data between insurance market participants, some of which (like us) you will not have direct contact with. In addition, your personal data may not have been collected directly by an insurance market participant. You can find out the identity of the initial data controller of your personal data within the insurance market life-cycle in the following ways:

Where you took out the insurance policy yourself: the insurer and, if purchased through an intermediary, the intermediary will be the initial data controller and their data protection contact can advise you on the identities of other insurance market participants that they have passed your personal data to.

Where your employer or another organisation took out the policy for your benefit: you should contact your employer or the organisation that took out the policy who should provide you with details of the insurer or intermediary that they provided your personal data to and you should contact their data protection contact who can advise you on the identities of other insurance market participants that they have passed your personal data to.

Where you are not a policyholder or an insured: you should contact the organisation that collected your personal data who should provide you with details of the relevant participant’s data protection contact.

PartnerRe Ltd, located at Wellesley House South, 90 Pitts Bay Road, Pembroke HM08, Bermuda is the controller in respect of the personal data we receive in connection with your use of the PartnerRe website. Please refer to our Web Privacy and Cookie Policy and our Terms of Use.

Where your personal data is processed in connection with the services provided by PartnerRe under an engagement with an insurance market participant, the relevant PartnerRe entity that has entered into such engagement with the relevant insurance market participant shall be the controller in respect of the personal data.

16. CONTACT US

If you have questions or concerns regarding the way in which your personal data has been used, please e-mail us at dataprotection@partnerre.com or call or write to us.

Bermuda:

Wellesley House South
90 Pitts Bay Road
Pembroke HM08
Bermuda

Phone: +1 441 292 0888

Ireland:

5th Floor, Block 1
The Oval
160 Shelbourne Road
Dublin 4
Ireland

Phone: +353 1 637 9600

For all other postal addresses, please see https://partnerre.com/.

17. CHANGES TO THE PRIVACY NOTICE

We may modify or update this privacy notice from time to time.

This privacy notice has been updated on June 25, 2018.

If we make changes to this privacy notice, we will update the date it was last changed and publish the revised privacy notice on our website.

18.  GLOSSARY

Key insurance terms:

Beneficiary is an individual or a company that an insurance policy states may receive a payment under the insurance policy if an insured event occurs. A beneficiary does not have to be the insured/policyholder and there may be more than one beneficiary under an insurance policy.

Business partners: insurance market participants, lawyers, medical experts, accountants, auditors, loss adjusters, individual representative of corporate service providers, etc.

Claimant is either a beneficiary who is making a claim under an insurance policy or an individual or a company who is making a claim against a beneficiary where that claim is covered by the insurance policy.

Quotation is the process of providing a quote to a potential insured/policyholder for an insurance policy.

Insurance is the pooling and transfer of risk in order to provide financial protection against a possible eventuality. There are many types of insurance. The expression insurance may also mean reinsurance. 

Insurance policy is a contract of insurance between the insurer and the insured/policyholder.

Insurance market participant(s) or participants: is an intermediary (broker), insurer, reinsurer, TPA, MGA, MGU, etc.

Insured/policyholder is the individual or company in whose name the insurance policy is issued. A potential insured/policyholder may approach an intermediary to purchase an insurance policy or they may approach an insurer directly or via a price comparison website.

Insurers: (sometimes also called insurance company or underwriters) provide insurance cover to insured/policyholders in return for premium. An insurer may also be a reinsurer.

Intermediaries (brokers) help policyholders and insurers arrange insurance cover. They may offer advice and handle claims. Many insurance and reinsurance policies are obtained through intermediaries.

MGA is a Managing General Agent and in insurance defined legally as an individual or business entity appointed by an insurer to solicit applications from agents for insurance contracts or to negotiate insurance contracts on behalf of an insurer and, if authorized to do so by an insurer, to effectuate and countersign insurance contracts.

MGU in insurance stands for Managing General Underwriter, which is used in life and health companies instead of managing general agent (MGA). The terms are used interchangeably, and there is little real distinction.

Personal Data is any information relating to an identified or identifiable natural person ‘data subject’; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Premium is the amount of money to be paid by the insured/policyholder to the insurer in the insurance policy.

Reinsurers provide insurance cover to another insurer or reinsurer. That insurance is known as reinsurance.

TPA is a Third-Party Administrator, which is an organization that processes insurance claims or might administer other services such as underwriting, customer service, etc.

We, us or our refers to PartnerRe Ltd, its subsidiaries and affiliates.

You or your,  refers to

  • the individual whose personal data may be/is being processed by us . You (e.g. the insured/policy holder, beneficiary, claimant or other person involved in a claim or relevant to a policy);
  • the individual acting as or working for a business partner (“Business Partner’s Employee”)

Key data protection terms:

GDPR is the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).

Find a Contact