UK and EEA Privacy Notice

The policy of Cranmore (“The Company”) is to respect and protect the privacy of individuals on whom we process data in the course of our business, including data relating to employees, customers and claimants. 

To fulfil this policy, The Company agrees to exercise the safeguards and precautions set out in this written notice (the “Privacy Notice”) to maintain the confidentiality of information we process.

This Privacy Notice sets forth The Company’s current policies and practices with respect to:

  • what personal information about you we may hold or collect;
  • how we may use your personal information;
  • who we may disclose your personal information to;
  • contacting us and your rights to access and update your personal information; and
  • how changes to this Privacy Notice will be made.

The Company website may contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you provide any personal information to such third-party websites.

Scope and applicability

This notice applies to you if you are a customer, client, claimant or beneficiary.

What personal data we process

We process the following of data collected during our relationship with you:

  • information including your name, address, contact details, details relating to the claim (which depending on the nature of the claim may include medical reports and reports of criminal convictions or crime reports (“Claim Details”) that you, your employer or an organisation who we insure or a third-party claimant provides to us in relation to the administration of an insurance / reinsurance policy that we insure or reinsure;
  • information relating to any request for assistance or support, including your name, address, contact details and details of any vulnerabilities (which may include medical reports) and financial information to support the claim;
  • information relating to any criminal or fraudulent activities provided to us by you or third parties (such as anti-fraud agencies or other insurers);
  • details of your visits to our website and information collected through cookies and other tracking technologies including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

We collect this information from you, or from authorized third parties.

Why we process your personal data

We process your personal data for the following purposes:

  • insurance policy administration;
  • processing insurance claims;
  • processing insurance payments, and
  • compliance with applicable laws and regulations as well as security and fraud prevention, compliance with corporate financial responsibilities.

Our lawful basis for processing this data is that it is necessary for us to do so in order for us to fulfil a contractual obligation. 

Data transfers and recipients and legal justification for such transfers

We may share your data with third parties necessary to manage, investigate and process a claim.  This could include business partners, reinsurers, third party administrators, legal professionals, professional investigators and insurance brokers.  In accordance with applicable law, we may also share your Personal Data with governmental authorities, courts, external advisors, and similar third parties.  Depending on the nature of your claim, some of the aforementioned recipients may be located in jurisdictions outside the UK or the European Economic Area (“EEA”).

Recipients located outside the UK or the EEA provide an adequate level of data protection for your personal data and appropriate technical and organizational security measures are in place to protect your personal data.

Retention periods for and deletion of personal data

Your Personal Data will be deleted once it is no longer needed for the purposes for which it was originally collected or as required by applicable law.

Your rights

You have a number of rights with regard to the processing of your personal data.  These include:

  • the right to access – you have the right to submit a request to the Company for copies of your personal data. We may charge you a small fee for this service.
  • the right to rectification – You have the right to request that the Company correct any information you believe is inaccurate. You also have the right to request the Company to complete the information you believe is incomplete.
  • The right to erasure – You have the right to request that the Company erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that the Company restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to the Company’s processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that the Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise these rights, please contact the Data Protection Officer at Enstar ( [email protected]).

Changes of this notice

This notice is subject to change and we review it each year.  Please revisit this website regularly to view the latest version.

How to contact us

If you wish to exercise your rights or if you have any questions concerning this notice, please contact the Data Protection Officer ([email protected]).

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority.  Whilst we would prefer you contact us in the first instance, you are able to lodge a complaint with the UK Information Commissioner (www.ico.org.uk).