Data Fair Processing Notice

1. Purpose of this Data Fair Processing Notice

Paratus Maritime Insurance Limited (herein referred to as ‘PMIL’) is committed to protecting your privacy. This fair processing notice (this 'notice') sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this notice carefully and consider it when using Paratus’ website and/or client portal.

2. About us

PMIL is an international insurance business, registered and regulated in Guernsey. We offer insurance policies to protect your industry from energy and freight price risk. Our policies are commercial insurance contracts available solely to businesses which can demonstrate a reliance upon transport energy & freight purchases / sales to maintain normal commercial operations.

In order for us to provide you with a quote and then insurance, and deal with any claims or complaints that might arise, we need to collect and process data about you and your business. This makes the relevant Paratus company a "data controller". Therefore, in this notice we use "we" or "us" or "Paratus" in relation to:

  • Paratus Holdings Limited - registered in Guernsey under Registration No. 67759;
  • Paratus Maritime Insurance Limited - registered in Guernsey under Registration No. 67764 and licensed and regulated as an insurer by the Guernsey Financial Services Commission under the Insurance Business (Bailiwick of Guernsey) Law, 2002 to carry on general insurance business;
  • Paratus Services (UK) Limited - registered in the United Kingdom under Company No. 12668602; and
  • Robus Risk Services (Guernsey) Limited - registered in Guernsey under Registration No. 54414 and licensed and regulated by the Guernsey Financial Services Commission under the Insurance Managers and Insurance Intermediaries (Bailiwick of Guernsey) Law, 2002.

The specific company acting as a data controller of your information will be listed in the documentation we provide to you. If you are unsure you can also contact us at any time by telephoning +44 (0) 1481 742559 or by e-mailing us at info@paratusltd.com or writing to us at Town Mills North, Rue du Pre, St Peter Port, Guernsey, GY1 6HS.

3. About the Insurance Market

As an insurance business, PMIL must obtain information about the subject covered by its insurance policies. This may involve the use and disclosure of your data to various insurance market participants such as intermediaries and reinsurers. Primarily, your information may be provided by or shared with Gibson Shipbrokers Limited and Price Forbes & Partners Limited. This exchange is necessary so that we may properly assess the risks associated with providing insurance and administer and manage our products and services. This notice applies to any individual or legal entity whose information we must process in the course of providing insurance.

Furthermore, we may be required by law to collect certain information about you or your business, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations. We will inform you at the time your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.

4. Sources of the information we collect

We collect information from you directly when you voluntarily provide it to us, for instance if you submit application forms to be considered for insurance products or contact us through our website. We also collect your information from a variety of additional sources:

  • other insurance companies that we work with;
  • other reinsurers and retrocessionaires;
  • our business partners with whom we work to provide insurance products;
  • public sources, such as public databases (where permitted by law);
  • insurance brokers or other intermediaries;
  • third party evidence providers; and
  • financial institutions.

Occasionally we may collect your information from a third party, in particular from authorised, regulatory, public sources such as government regulators, industry self-governing bodies and other publicly available records. This will be most common when we are complying with our legal obligations regarding money laundering and other financial crimes.

5. Our Data Protection Principles

PMIL must ensure compliance with the Data Protection (Bailiwick of Guernsey) Law, 2017 (“the DP Law”). This is centred on eight Data Protection Principles, which state that data must be:

  1. Processed fairly and lawfully;
  2. Obtained only for specific and lawful purposes;
  3. Relevant, adequate and not excessive for the purposes for which they are processed;
  4. Accurate and where necessary kept up to date;
  5. Kept for no longer than is necessary;
  6. Processed in accordance with the rights of data subjects under the DP Law. This means that individuals have the right, amongst other things, to:
    1. be informed upon request of all the information held about them by a particular data controller;
    2. prevent the processing of their data for the purposes of direct marketing;
    3. compensation if they can show that they have been caused damage by any contravention of the Law;
    4. receive their data or some of their data, in a format that can be easily used by another person or organisation;
    5. withdraw consent when we are relying on consent to process their data;
    6. the removal or correction of any inaccurate data about them.

In addition:

  1. Appropriate security precautions be in place to prevent the loss, destruction, or unauthorised disclosure of the data.
  2. Personal data shall not be transferred outside the Bailiwick unless that country in question can provide an adequate level of protection for the rights and freedoms of data subjects. However, the Company may transfer data in conformity with the Principle where it has the data subject’s consent or where transferring data to a territory forming part of the European Economic Area or comply with the exemptions as listed by the DP Law. Companies currently on the European Commission adequacy list are found in the below table.

6. What marketing activities do we carry out?

We may use your information to help our distribution partners provide you with information about those products or services which may be of interest to you where you are an existing customer or where you have provided your consent for us to do so. We may do this by post or email, through your insurance broker.

We are committed to only sharing marketing communications that you have clearly expressed an interest in receiving, and will never send such marketing communications directly to you. If you wish to opt out of marketing, you may do so telling your insurance broker when they call you or by responding to their email(s) asking to “unsubscribe”. Otherwise you can always contact us using the details set out in this notice to update your contact preferences.

Please note that, even if you opt out of receiving marketing messages, we may still send you service related communications where necessary.

7. How long do we keep information for?

We will only keep your information for the minimum periods required in order to fulfil the relevant purposes set out in this notice. We are also required to keep certain information for longer in order to comply with our legal and regulatory obligations.

The exact time period will depend on your relationship with us and the type of information we hold. For example, if you take out an insurance policy with us, we will keep your information for longer than if you obtain a quote from us but do not take out a policy.

8. How do we protect your information?

We implement technical and organisational measures to ensure a level of security which is appropriate with the risk to the information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of information. We evaluate these measures on a regular basis to ensure the security of the processing. Specifically, we use a range of organisational and technical security measures to protect your information, including:

  • physical security measures such as locked business premises and CCTV;
  • access controls such as physical authentication devises, password protection and user logging; and
  • virus and malware controls on our systems.

We review our security measures periodically. We also ensure that across the Paratus Group of Companies, our employees receive appropriate data security training, and from time to time, conduct resilience testing with the aim of preserving the integrity of your/our data.

9. Your rights

Under data protection law you have certain rights in relation to the information that we hold about you. There will not usually be a charge for dealing with these requests. You may exercise these rights at any time by contacting us using the details set out in this notice.

Please note that the rights set out below do not apply in all circumstances; in some cases we may not be able to comply with your request (for example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements).

In some circumstances exercising some of these rights (such as the right to erasure or the right to restrict processing) will mean we are unable to continue providing you with insurance and may therefore result in its cancellation. You will therefore lose the right to bring any claim or receive any benefit, including in relation to any event that occurred before you exercised your right of erasure, if our ability to handle the claim has been prejudiced. Your policy terms and conditions set out what will happen in the event your policy is cancelled.

Your rights include:

  1. The right to access your information. You are entitled to a copy of the information we hold about you and certain details of how we use it. Your information will usually be provided to you in writing, unless otherwise requested, or where you have made the request by electronic means, in which case the information will be provided to you by electronic means where possible.
  2. The right to rectification. We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
  3. The right to erasure. In certain circumstances, you have the right to ask us to erase your information, for example where the information we collected is no longer necessary for the original purpose or, where we are relying on consent as our legal ground, you withdraw your consent. However this will need to be balanced against other factors. For example, we may have legal and regulatory obligations which mean we cannot comply with your request.
  4. The right to restriction of processing. In certain circumstances, you are entitled to ask us to stop using your information, for example where you think that the information we hold about you may be inaccurate or where you think that we no longer need to use your information.
  5. The right to data portability. In certain circumstances, you have the right to ask that we transfer information that you have provided to us to another third party of your choice.
  6. The right to object to marketing. You can ask our distribution partners to stop sending you marketing messages at any time. You can do this either by clicking on the "unsubscribe" button in any email that they send to you or you can also contact us using the details set out in this notice. Please note that even if you opt out of receiving marketing messages from our distribution partners, we may still send you service related communications where necessary.
  7. Rights to object. You may have a right to object to an automated decision in certain circumstances. Where we process your information based on our appropriate business needs, you can object to such processing. In such cases, we will assess your objection against our business needs
  8. The right to withdraw consent. For certain uses of your information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your information. Please note that for some purposes, we need your consent in order to provide your policy. If you withdraw your consent, we may need to cancel your policy or be unable to pay your claim. We will advise you of this at the point you seek to withdraw your consent.
  9. The right to lodge a complaint with the ODPA. You have a right to complain to the Office of the Data Protection Authority (ODPA) if you believe that any use of your information by us is in breach of applicable data protection laws and regulations. More information can be found on the ODPA website: https://www.odpa.gg/. Making a complaint will not affect any other legal rights or remedies that you have.

10. Contacting us

If you would like further information about any of the matters in this notice or have any other questions about how we collect, store or use your information, you may contact us by telephoning +44 (0) 1481 742559 or by e-mailing us at info@paratusltd.com or writing to us at Town Mills North, Rue du Pre, St Peter Port, Guernsey, GY1 6HS.