The Hartford International Customer and Third Party Privacy Notice

Last Updated: January 21, 2020

1.  SCOPE

The Hartford (“we, us, our”) values your trust and is committed to the responsible management, use and protection of personal information. The Hartford includes Hartford Fire Insurance Company, Navigators Management (UK) Ltd., Navigators International Insurance Company Ltd., Navigators Holdings (UK) Ltd., Navigators Holdings (Europe) N.V., Navigators Underwriting Agency Ltd., Navigators Underwriting Ltd., Navigators Insurance Company – U.K. Branch, Navigators Asia Limited, Bracht, Deckers & Mackelbert, ASCO—Assurances Continentales-Continentale Verzekeringen, and other entities of the group.  This international customer and third party privacy notice (“Privacy Notice”) is applicable to the information collected from or about you: in your interactions with us in relation to inquiries, applications, as our insured or customer, or as a claimant or beneficiary pursuant to one of our policies or services (we will refer to these interactions collectively as the “Consumer Services” throughout this Privacy Notice).  
This Privacy Notice will explain how we collect and use Personal Data (as defined below) about you when you use the Consumer Services, in accordance with the European Union ("EU") General Data Protection Regulation ("GDPR"), Swiss Data Protection Law, UK Data Protection Act of 2018, and other applicable EU or member state national data protection laws (together "Data Protection Laws").
This Privacy Notice supplements, but does not replace other applicable policies, practices and privacy notices that may relate to specific business relationships you have with The Hartford or to certain products or services, as described in the applicable privacy notice. In the event of a conflict between this Privacy Notice and a privacy notice for a specific product or service, the specific product or service privacy notice shall govern.
We may update this Privacy Notice at any time and any revisions will be posted on the The Hartford Privacy Policies. It is important that you read this Privacy Notice and any subsequent revisions, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are aware of how and why we are using such information. 

 

2.  PERSONAL DATA WE COLLECT, INCLUDING SPECIAL CATEGORIES

We collect the following personal data, including, under certain circumstances, and where legally permitted, "special categories" of data (i.e., more sensitive personal information receiving a higher level of protection such as information about your health, including any medical condition, health, sickness records; genetic data; biometric data; and criminal conviction data, "Special Categories of Personal Data") (collectively, your “Personal Data”):

a.   Individual Details: means: (i) personal contact and identifying information such as names, home addresses, email addresses, phone numbers, dates of birth, gender, family details and (ii) business contact details such as job title, email address, telephone number, and employment history

b.   Identification Details: means identification numbers issued by government bodies or agencies, including: social security numbers, passport number,  driver’s license number or national identification number;

c.    Policy Information: means information that you provide in support of an application for insurance, quote or a policy purchased, such as automobile information (including vehicle identification number).

d.   Financial Information: means bank account or payment card details, income or other financial information.

e.    Claim History: means information in relation with previous and current claims (such as photographs relating to a claim and information related to legal proceedings) including other unrelated insurances which may include data relating to your health or criminal convictions.

f.   Credit and Fraud Data: means credit history, credit score, sanctions and criminal offences, information received from various antifraud databases relating to you.

g.   Risks Details: means information about you which we need to collect in order to assess the risks to be insured and provide a quote. This may include data relating to your health and criminal convictions.

 

3.  HOW WE COLLECT YOUR DATA

You directly provide The Hartford with most of the Personal Data we collect. We collect and process Personal Data when you:
a.    Submit an application for insurance or request a quote for one of our products.
b.    Submit a claim for insurance coverage.
c.    Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
d.   Participate in a promotion.
e.   Contact us, such as for customer service purposes.
The Hartford may also receive your Personal Data indirectly from the following sources:
a.    From your family member, employer, broker or representative.
b.    In the event of a claim, third-parties including: the other party to the claim (claimant, defendant), witnesses, experts (including medical experts), loss adjustors and claim handlers.
c.    Affiliates, payment processors, service providers, and other third parties.
d.    Background check provider or credit reference agency.
e.    Information available in the public domain.
f.    Other insurers, brokers and reinsurers.
g.   Anti-fraud databases, sanctions lists, court judgments and other databases.
h.   Government agencies.
i.    Social media such as LinkedIn, Facebook and Twitter.
j.   Third party marketing databases.
k.  Analytics providers.
l.   Search information providers.

 

4.  PURPOSE AND LEGAL BASIS  FOR PROCESSING YOUR PERSONAL DATA

4.1. PROCESSING
    
Our processing activities in relation to consumer and third party personal data vary, such as the categories of data that we collect and the legal grounds upon which we process your personal data. For ease of reference, this information is provided in a table format, which can be accessed here.

4.2. MARKETING
We may use your Personal Data to send you marketing communications about our insurance products or our related services. This may be in the form of email, printed material sent by post, SMS, or telephone.  We will only ever do this in accordance with law, such as with your consent or if you are in a business relationship with us. You have the right to stop us marketing to you by opting out of such marketing when you receive electronic communications from us or by contacting our data protection officer.
Pursuant to the above, we may share your Personal Data with selected third parties, including:
•     Advertisers and advertising networks that need the information to help them choose and show adverts to you and others;
•    Analytics and search engine providers that assist us in the improvement and optimisation of our website; and
•    Professional advisers and service providers involved in our marketing activities.
•   Manage our everyday business needs, such as for our internal account management, client reporting, contract management, business continuity and disaster recovery, corporate governance, reporting and legal compliance.

 

5.  CHANGE OF PURPOSE

Unless otherwise permitted under law, we will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above disclosures, where this is required or permitted by law.

 

6.  HOW WE SECURE YOUR PERSONAL DATA

The protection and security of your Personal Data is important to us. We work to adopt reasonable physical, administrative, and technical safeguards to protect the Personal Data you provide to us and which is stored on our servers, and we require service providers to take appropriate security measures to protect your Personal Data in line with our policies. We do not allow our service providers to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to protect the security of your information and to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to access your data. They will only process your Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure. 
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

7.  HOW WE SHARE YOUR PERSONAL DATA

a.    a. Disclosures between The Hartford practices/affiliates
We may share your Personal Data within The Hartford for the reasons stated in the “Purpose and Legal Basis For Processing” section above. We may also share your Personal Data within The Hartford as part of our regular business and reporting activities, for system maintenance support, for hosting of data and for other legitimate business reasons, including data analysis, business development, forecasting, strategy assessment, resource planning, and general business operations.
b.    b. Disclosures to Third PartiesWe may have to share your Personal Data with third parties, including third party service providers ("Third Parties"). Third Parties can include but are not limited to:
(i) financial service providers, such as independent agents, brokerage firms, insurance companies; (ii) marketing and promotion service providers; (iii) data analysis service providers; (iv) legal service providers; (v) accounting service providers; (vi) administrative service providers; (vii) security service providers; (viii) application service providers

The following are the types of activities carried out by Third Parties:
i.      claims management activities and administration;
ii.     reinsurance
iii.    insurance or benefits claims and notifications;
iv.    hard copy archiving;
v.    IT services including systems providers for meetings, communications (including telephone, messaging, and email), claims or other applications, document management, and security;
vi.   Financial services, including agency, brokerage and insurance services;
vii.    marketingservices;
viii.   data analytics;
ix.    legal or accounting services
x.    security services; and
xi.   administrative services.

c.    Others reasons why we may disclose your Personal Data to Third Parties
We may also disclose your Personal Data:
i.    in order to comply with a legal or regulatory obligation, where such disclosure is required by a tax authority, or The Hartford’s regulators or supervisory authorities, the police or a court of competent jurisdiction;
ii.   where it is necessary to administer the contract and business relationship with or for you, including for example with agents and brokerage firms, insurance companies, and administrators;
iii.  for the purposes of auditing, insuring and in the course of seeking advice with regards to our business operations and claims handling.

 

8.  TRANSFERRING PERSONAL DATA OUTSIDE THE EU/EEA

Personal Data that we collect about you may be transferred to, and stored at, one or more countries outside the EU/ European Economic Area ("EEA"). It may also be processed by staff operating outside the EU/EEA who work for The Hartford or for our service providers. In such cases, we will take appropriate steps to ensure an appropriate level of data protection in the country of the recipient as required under the GDPR and other Data Protection Laws, and as described in this Privacy Notice. If we cannot ensure such an appropriate level of data protection, your Personal Data will only be transferred outside the EU/EEA if you have given your prior consent to the transfer.

You can contact us for more information regarding the safeguards which we have put in place to protect your Personal Data and privacy rights at consumerprivacyinquiriesmailbox [at] thehartford.com.

9.  HOW LONG WE RETAIN YOUR PERSONAL DATA

We retain your Personal Data pursuant to our records management policy. Our records management policy has been designed to ensure that we maintain Personal Data for that period of time necessary for the purposes for which we collected the data, and also to ensure that we comply with all applicable statutory and regulatory requirements for retaining records, including Personal Data.

 

10.  DATA ACCURACY AND YOUR DUTY TO INFORM US OF CHANGES

It is important that the Personal Data we hold about you is accurate and current. Please keep us informed of any changes to your Personal Data during your relationship with us.

 

11.  YOUR DATA PROTECTION RIGHTS

The Hartford would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

a.   The right to access – you have the right to request copies of your personal data. We may charge you a small fee for this service.

b.   The right to rectification – you have the right to request that The Hartford correct any information you believe is inaccurate. You also have the right to request that The Hartford complete the information you believe is incomplete.

c.   The right to erasure – you have the right to request that The Hartford erase your personal data, under certain conditions.

d.   The right to restrict processing – you have the right to request that The Hartford restrict the processing of your personal data, under certain conditions.

e.   The right to object to processing – you have the right to object to The Hartford’s processing of your personal data, under certain conditions.

f.   The right to data portability – you have the right to request that The Hartford transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please contact consumerprivacyinquiriesmailbox [at] thehartford.com or the DPO.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if a request access is unfounded or excessive, or we may refuse to a request in such circumstances.
If you are dissatisfied with any aspect of our handling of your Personal Data, you have the right to make a complaint at any time to a data protection authority; the Data Protection Supervisory Authorities contact information is listed in Appendix 1.

a.    What we may need from you to confirm your identity

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

b.    Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact consumerprivacyinquiriesmailbox [at] thehartford.com, Unless we have another lawful basis for continuing to process your Personal Data, once we have received notification that you have withdrawn your consent, we will no longer process your Personal Data for the purpose or purposes you originally agreed to; further, unless we have another lawful basis for continuing to process your Personal Data, we will dispose of it securely.

12.  CHILDREN'S PRIVACY

The Hartford's Services are not directed to or intended for children.

13.  CHANGES TO OUR PRIVACY NOTICE

We reserve the right to amend this Privacy Notice at any time in order to address future developments of The Hartford, the Consumer Services, or changes in industry or legal trends. We will post the revised Privacy Notice on this page.  Any changes will become effective upon the posting of the revised Privacy Notice on the Website. The date on which this notice was last updated is provided at the beginning of this notice.

14.  HOW TO CONTACT US

We have appointed a data protection officer ("DPO") to oversee compliance with this privacy notice. If you want to contact the DPO, or if you have any questions about this Privacy Notice or how we handle your Personal Data, please contact us at consumerprivacyinquiriesmailbox [at] thehartford.com, or alternatively The Hartford - Privacy Law, One Hartford Plaza, Hartford, CT 06155

APPENDIX--DATA PROTECTION AUTHORITIES

Belgium
Data Protection Authority
Rue de la presse 35
1000 Brussels

Telephone: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
Email: contact(at)apd-gba.be  
Web site contact page: https://www.autoriteprotectiondonnees.be/introduire-une-requete-une-plainte

France 
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy 
TSA 80175
75334 Paris Cedex 07

Telephone: 0153732222 
Fax: 0153732200
Web site contact page: https://www.cnil.fr/fr/plaintes

Italy
Garante per la Protezione dei Dati Personali
Piazza Venezia 11
00187 Roma

Telephone: +39-06-6967 71
Fax: (+39) 06.69677.3785
Email: protocollo [at] gpdp.it  
Certified email: protocollo [at] pec.gpdp.it

Spain
Agencia Española de Protección de Datos  
C/ Jorge Juan, 6 
28001-Madrid

Telephone: +34 (0) 901 100 099 or +34 (0) 91 266 35 17
Online form to submit a complaint :
https://sedeagpd.gob.es/sede-electronica-web/vistas/formNuevaReclamacion...

Switzerland
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH - 3003 Berne
Switzerland

Telephone: +41 (0)58 462 43 95
Fax: +41 (0)58 465 99 96
Email: info [at] edoeb.admin.ch 

The Netherlands
Autoriteit Persoonsgegevens
PO Box 93374
2509 AJ DEN HAAG

Telephone: (+31) - (0)70 - 888 85 00
Fax: (+31) - (0)70 - 888 85 01
Website: https://autoriteitpersoonsgegevens.nl/nl
Online form to submit a complaint: 
https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/gebruik-uw-privacyrec...

United Kingdom
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Fax: 01625 524510
Web site contact page: https://ico.org.uk/global/contact-us/