Privacy Notice - Volante Group

ABOUT US

In this Privacy Notice, ‘we’ and ‘us’ means Volante Global Ltd and their subsidiary companies, which are listed below. ‘Group’ means that group of companies or its members. The Volante Global companies that may act as data controllers for your personal data are:

Volante Global Ltd
Horizon Europe AG
Volante International Ltd
Bridge Underwriting AB
Volante Germany GmbH
Volante Germany (UK Branch)
Volante Canada Ltd

Any personal data that is captured from you via this website will be processed by Volante Global Limited as Data Controller.

If you are referred to this Privacy Policy in relation to a specific product then the Volante entity who will be processing your personal data as data controller is set out in the following table:

Product	Risk Location	Controller
Aesir Space	EEA	Volante Germany (UK Branch)
Aesir Space	UK & Non-EEA	Volante International Limited
Affinity Solutions	UK & Non-EEA	Volante International Limited
Bridge Underwriting	All	Bridge Underwriting AB
Edison Motor	UK & Non-EEA	Volante International Limited
Gentium Motor	EEA	Volante Germany (UK Branch)
Gentium Motor	UK & Non-EEA	Volante International Limited
Volante Financial & Professional	EEA	Volante Germany (UK Branch)
Volante Financial & Professional	UK & Non-EEA	Volante International Limited
Volante Germany	UK	Volante Germany (UK Branch)
Volante Germany	Non UK	Volante Germany GmbH

HOW WE COLLECT YOUR PERSONAL INFORMATION

We may collect personal information directly from you:

when you provide your details to us either online or offline
when you fill out a survey, or vote in a poll on our website
via cookies
via a telephone call, email or letter; and
when you provide a service to us

We may collect personal information from a number of different sources including:

directly from your employer (or your employer’s service provider or insurance broker) who has a policy with us
directly from one of our policyholders, or our policyholder’s broker, if you are a beneficiary of a policy and/or named within the policy such as a named driver.
directly from one of our policyholders when you may have witnessed or been involved in a claim with that policyholder
you or your employer’s insurance broker
third parties who handle claims on behalf of the insurance company

INFORMATION WE COLLECT

We may collect personal information about you. The information we collect will depend on the product or service it relates to.

Where Volante Global Limited is the data controller, we may collect the following about you:

contact details such as name, email address, postal address and telephone number
employment history
financial information such as bank details
information obtained through our use of cookies

Where Volante International Limited, Volante Germany GmbH, Volante Germany (UK Branch) or Bridge Underwriting AB is the data controller we may collect the following about you:

contact details such as name, email address, postal address and telephone number
relationship to other people on a policy
identification information such as date of birth or driving licence
information relevant to your insurance policy such as your occupation, details about your vehicle, property, previous policies or claims, recent damage
information relevant to your claims or your involvement in the matter giving rise to a claim
financial information such as bank details
information about your business and commercial assets
details of bankruptcies and other financial sanctions
details of your current or former physical condition (special category personal data)
details regarding criminal offences, including alleged offences, criminal proceedings and outcomes.
Information obtained through our use of cookies

HOW WE USE YOUR INFORMATION (‘PROCESSING’ YOUR PERSONAL DATA)

We only use your personal information in accordance with the law which requires us to have a legal basis for processing your personal data. Depending on the type of data we are processing in a given situation, our legal basis for processing are:

Where we have your consent to do so and consent is the only legal basis that we have. Where we rely on consent you have the right to withdraw your consent at any time.;
Where we need your personal information to enter into or perform a contract such as a contract of insurance/reinsurance;
Where we have a legitimate interest to use your personal information. In such situations we will always take into account your rights and interests; and/or
Where we have a legal or regulatory obligation such as adhering to a regulator’s record keeping requirements.

Where we process special category personal data and/or criminal conviction data, it is necessary that we have additional legal grounds for processing this personal information. We will rely on this processing being in the substantial public interest and it is necessary for an insurance purpose such as considering an insurance application or preventing/detecting fraud and other unlawful acts or to establish, exercise or defend legal claims.

We use cloud technology storage solutions both within the United Kingdom and the European Union where your personal data may be stored for efficiency and performance reasons. We may also in the future utilise such facilities outside of the above territories.

The legal grounds we rely on for the various uses of personal information are set out below:

Nature of Processing	Personal Information*	Grounds for Processing
To review your insurance application, or one you are named in, and to provide a quote	Your contact details together with information such as age and occupation. Information about your possessions such as your property and vehicle. Details as to past claims and recent damage. Information about your business, your business premises and vehicles, your directorships. Special category personal data such as health information and criminal conviction data including motoring penalties	In order to enter into or perform a contract if you are the policyholder. We have a legitimate interest if you are not the policyholder to review an application and to provide a quote. For the special category and criminal conviction data, in the substantial public interest for insurance purposes
To administer, provide and service your insurance policy, or one you are named in	Your contact details together with information such as age and occupation Information about your possessions such as your property and vehicle. Details as to past claims and recent damage/Information about your business, your business premises and vehicles, your directorships, Special category personal data such as health information and criminal conviction data including motoring penalties	In order to enter into or perform a contract if you are the policyholder. We have a legitimate interest if you are not the policyholder to administer the insurance policy For the special category and criminal conviction data, in the substantial public interest for insurance purposes
To assess eligibility for and in handling and paying claims	Your contact details together with information such as age and occupation Information about your possessions such as your property and vehicle. Details as to past claims and recent damage Information about your business, your business premises and vehicles, your directorships, Information about you bank accounts Special category personal data such as health information and criminal conviction data including motoring penalties	In order to enter into or perform a contract if you are the policyholder. We have a legitimate interest if you are not the policyholder to assess, handle and pay claims For the special category and criminal conviction data, in the substantial public interest for insurance purposes
To communicate with you and resolve any complaints you may have	Your contact details Any information we already hold relevant to the communication Any information you have provided relevant to your complaint	We have a legitimate interest to investigate and resolve complaints and to respond to communications from you
To prevent, detect and investigate fraud.	Your contact details together with information such as age and occupation Information about your possessions such as your property and vehicle. Details as to past claims and recent damage Information about your business, your business premises and vehicles, your directorships, Information available in the public domain or on social media Special category personal data such as health information and criminal conviction data including motoring penalties	We have a legitimate interest to prevent fraud For special category and criminal conviction data, in the substantial public interest for insurance purposes and/or to establish, exercise or defend legal rights
To manage our business operations including producing management information, maintaining accounting records, analysing financial results, performance of internal and external audits, receiving professional advice, securing our systems, etc	Your contact details together with information such as age and occupation Information about your possessions such as your property and vehicle. Details as to past claims and recent damage Information about your business, your business premises and vehicles, your directorships, Information available in the public domain or on social media Special category personal data such as health information and criminal conviction data including motoring penalties	We have a legitimate interest to monitor our business performance, to maintain appropriate records, secure our systems, support external assessments, etc. For special category and criminal conviction data, in the substantial public interest for insurance purposes
Complying with our legal and regulatory obligations such as performing anti-money laundering and sanction checks	Your contact details Information about your possessions such as your property and vehicle. Details as to past claims and recent damage Information about your business, your business premises and vehicles, your directorships, Special category personal data such as health information and criminal conviction data including motoring penalties	In order for us to comply with our legal or regulatory obligations For special category and criminal conviction data, in the substantial public interest for insurance purposes and to prevent or detect unlawful acts
Providing your information to providers of services that you have expressed interest in as a business customer and a potential business customer	Your business contact information	We have a legitimate business interest to share your business contact information with external service providers or where we have your consent.
To review your application for employment by the Volante Group	Your contact details together with information as to your employment and education history	In order to assess your suitability to and/or to enter into a contract of employment

Note: * – The information listed for each type of processing is not necessarily all of the personal information processed for that purpose.

We currently do not process personal data to make automated decisions.

WHO WE SHARE YOUR DATA WITH?

We will share your personal information within the Volante Global Limited Group and/or the following third parties:

Your relatives or someone else acting on your behalf where you are incapacitated or unable, your employer, insurance broker, lawyer and/or other persons or organisations associated with you
Our insurance partners such as brokers, insurers, reinsurers or other insurance distributors
Third parties who assist us in the administration of insurance policies
Third parties who perform claims administration on our and/or the insurers’ behalf
Third parties who provide products acquired, or able to be acquired, in conjunction with an insurance/reinsurance contract such as roadside breakdown services.
Providers of vehicle data
Government agencies such as, but not limited to, the Office of Financial Sanctions Implementation, National Crime Agency, Financial Conduct Authority
Motor Insurers’ Information Centre and DVLA
Third party suppliers we use to support us in our day to day business activities including IT suppliers, actuaries, auditors, lawyers and tax advisers
Selected third parties in connection with the sale, transfer or disposal of our business.

USE OF YOUR INFORMATION OUTSIDE YOUR HOME TERRITORY

We routinely collect and/or process your personal information within the United Kingdom and European Economic Area where your data is protected in compliance with the data protection laws and regulations of the United Kingdom and the European Union.

We may transfer your personal information to countries outside of your home territory, the United Kingdom, and/or European Economic Area in which case we will ensure that your personal data is afforded the same level of protection as in your home territory. We will achieve this by:

Transferring data to countries that are deemed by your home territory to have adequate privacy legislation. The European Union maintain a list of jurisdictions that they have deemed to have “adequacy” with the GDPR requirements.
Establishing appropriate contracts governing the data transfer typically using a set of standard clauses as approved by the data protection authorities.
Utilising any approved transfer mechanisms or schemes that exist.

RETAINING YOUR PERSONAL INFORMATION

We keep your personal data for as long as is reasonably necessary to fulfil the purposes outlined previously in this notice and in order to comply with or demonstrate compliance with our legal and regulatory obligations. The exact time period we retain your data will depend on the purposes for which it is collected. We will typically retain:

quote information, where we did not underwrite the policy, for three years;
policy information for seven years after the policy expiry date and no further action is required on the policy;
claims information for seven years after the claim was closed;
complaint information for seven years; and
data captured in relation to an unsuccessful job application for 6 months.

There may be certain situations where your personal information may be retained for longer such as for long term insurance products, for example liability policies, or where a child may be involved in a claim.

THIRD PARTY LINKS

You might find links to third party websites on our website. These websites should have their own Privacy Policies which you should check. We do not accept any responsibility or liability for their Policies whatsoever as we have no control over them.

YOUR RIGHTS OVER THE PERSONAL DATA WE PROCESS

Under the data protection laws within the United Kingdom and European Economic Area, you have the following rights over your personal data. If you would like to exercise any of these rights in relation to personal data that we hold, please see how to contact us, below.

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

if you want us to establish the data’s accuracy;
where our use of the data is unlawful, but you do not want us to erase it;
where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data that you provided to us in a structured, commonly used, machine-readable format.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Request the review of an automated decision if you do not agree with the outcome.

Complain to the relevant data protection authority if you believe your personal information has been used by us in breach of applicable data protection laws and regulations. More information can be found on the relevant authority’s website as follows:

Controller	Authority	Website
Volante International Limited	Information Commissioner’s Office	www.ico.org.uk
Volante Germany (UK Branch) Limited	Information Commissioner’s Office	www.ico.org.uk
Bridge Underwriting AB	Datainspektionen	www.datainspektionen.se
Volante Germany GmbH	Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit	www.bfdi.bund.de

CONTACTING US

We welcome any queries, comments or requests you may have regarding this Privacy Notice, including any request to exercise your rights over your data. Please do not hesitate to contact us by the following methods:

Email: dataprotection@volanteglobal.com
or
Post: Data Protection Enquiries, Chief Risk Officer, Volante Global Limited, 30 St. Mary Axe, London EC3A 8BF

UPDATES TO THIS PRIVACY NOTICE

We may change this Privacy Notice periodically as a result of changes to government regulation, new technology or developments within data privacy laws. We may also make changes where we identify new sources of data or use your information differently provided that it is compatible with the purposes for which the data was originally collected.