At Lancashire we are dedicated to protecting and safeguarding your privacy whenever we are handling your Personal Information. This privacy notice is part of this commitment and aims to provide you with an overview of how and why we might collect, use, or disclose your Personal Information. It also provides information about your rights and choices when it comes to your information when it is in our care.

About this notice and us

This notice was last updated on January 22, 2024 and is effective from February 1, 2024.

This notice applies to any individual about whom we may collect and use Personal Information for insurance business and compliance purposes. Normally, Lancashire will be the controller of your Personal Information, meaning we are responsible for determining how your information is used and accountable for following applicable privacy and data protection laws.

In this notice references to “Lancashire”, “we” or “us” are to:

Lancashire Insurance Company (UK) Limited, 20 Fenchurch Street, London, EC3M 3BY, UK.

You may contact us by email: [email protected].

The types of Personal Information we collect

The Personal Information we may collect, use or disclose includes (but is not limited to):

·        identifiers, such as individual details (such as name, address, email address, phone number, gender, date of birth, employment details, insurance policy number)

·        sensitive personal information, such as identification details (which may include IDs issued by government agencies or bodies), your physical or mental health information as it relates to your previous and current claims, and financial information (such as bank and payment details)

·        characteristics of protected classifications under California or federal law (or special category data under UK data protection legislation)

·        geolocation data

·        audio, electronic, visual, or similar information

·        professional or employment-related information

·        commercial information, such as previous and current claims

·        Internet or other electronic network activity

·        other transactional information (such as your interactions and communications with us or one of our Agents)

How we get the Personal Information and why we have it

For the purposes described in this notice, Personal Information may be collected by us (including through one of our Agents) either:

·        from you directly (including in your capacity as a Business Contact);

·        concerning a relevant individual* from: your legal representative, your employer, the Named Insured or their representative (such as an intermediary, broker, or another insurer); or

·        other sources: from government agencies, social networks or other publicly available sources (where necessary and to extent legally permitted).

[* Note: If a Named Insured or their representative wishes to provide us with Personal Information about another person for the purposes of a claim made under an insurance policy, they should ensure that the person has been made aware of the content of this privacy notice.]

We may collect and use Personal Information:

·        when quoting for, arranging, underwriting, or administering an insurance policy, including the processing of claims under the policy and for fraud prevention and investigation - on the basis that such processing is necessary for the stated insurance purposes (and is in the substantial public interest) or is necessary for compliance with our legal and regulatory obligations (fraud prevention related processing) 

·        for establishing and maintaining your relationship with us, including managing communications and your marketing preferences – on the basis that such processing is necessary for the purposes of our legitimate interests (provided our interests are not overridden by your rights and interests) or is for direct marketing purposes on the basis of your consent

·        for compliance with other legal and regulatory obligations or as legally permitted – on the basis that it is necessary for preventing or detecting unlawful acts (including sanctions and anti-money laundering) or to establish or exercise our rights and to defend against or prosecute a legal claim or action

We may also use your Personal Information for the following business purposes:

·        for ensuring security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes

·        for debugging to identify and repair errors that impair existing intended functionality

·        for undertaking internal research for technological development and demonstration

·        for undertaking activities to verify or maintain the quality or safety of a service that is owned or controlled by us, and to improve, upgrade, or enhance the service that is owned or controlled by us

We may disclose the above categories of your Personal Information for any of the uses or business purposes described in this notice with:

·        our Agents, who assist in the above purposes

·        nominated third parties (for example, intermediaries, third party administrators, or managing general agents), in the course of running our business and administering your policy

·        our processors or service providers, who help us to operate and provide our services (we require all such organizations to respect the confidentiality and security of any Personal Information they are given access to)

·        regulators, law enforcement, or government bodies (to the extent such disclosures are legally permitted or obliged)

How we store your Personal Information

Your Personal Information is securely stored and protected by appropriate administrative procedures and technical controls, in line with industry practices.

How long we keep your Personal Information will be determined by what information is collected and the purpose or purposes it was collected for (in accordance with this notice). The factors to be considered include how long it is needed:

·        to deliver our contracted services

·        to comply with our legal, accounting, and regulatory obligations

·        to further satisfy required periods set (or as permitted) by law or as recommended by our regulators

·        to defend or protect our legal rights

When your Personal Information is no longer needed for the above considerations, it will be securely erased or deleted or otherwise de-identified.

If you would like to know more about how long your information will be retained, please contact us using one of the contact methods given in the ‘About this notice and us’ section above.

Your rights

You may have certain rights as an individual, which you can exercise for Personal Information we hold about you. If you make a request to exercise any of your rights, we reserve the right to ask you for a proof of your identity, including asking for Personal Information such as your name and account number to compare against our business records. To exercise your rights, please contact us using one of the contact methods given in the ‘About this notice and us’ section above. We aim to acknowledge your request as soon as possible and to address your query within one month from your request.

We offer you the following rights:

Your right to access (request to know): You are entitled to a confirmation to how we are processing your data, a copy of your data, and information about the purposes of processing, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where we got your data from and how you can make a complaint.

We may have to decline a request due to legal restrictions. This could include, but is not limited to:

  • the information is subject to solicitor or attorney client privilege;
  • providing the information would reveal Personal Information about a third party; or
  • providing the information could compromise the investigation of a claim.

Your right to rectification (request to correct): If you believe the Personal Information we hold about you is inaccurate or incomplete, you can request for it to be rectified.

Your right to erasure (right to be forgotten, request to delete): You have the right to ask us to erase or delete your Personal Information in certain circumstances, for example, if you believe it is no longer needed for the purposes for which it was collected. However, this will need to be balanced against other factors that require us to retain Personal Information. For example, there may be certain legal or regulatory obligations that may prevent us from completing your request.

Your right to data portability: If you provided us with Personal Information, you can ask us to transfer that Personal Information to another third party of your choice.

Your right to restrict and/or object to processing: You have the the right to restrict and/or object to the processing of your Personal Information in certain circumstances. For example, where the processing relies on our legitimate interests as the lawful basis for processing, you also have an absolute right to stop your Personal Information being used for direct marketing.

The right to withdraw consent: If we processed your Personal Information under your consent, you can withdraw consent for any further communication or use of the information collected; assuming it is no longer needed for the purposes it was collected.

The right to complain: If you are unhappy with how we have responded to you exercising any of the right listed in the notice, you have the right to complain to the applicable supervisory authority. See the ‘How to complain’ section of this notice below.

Notice at collection and additional information and rights for California residents

We collect the categories of personal information as defined under “the type of personal information we collect” section above and use it as described under “how we get the personal information and why we have it” section above. We do not sell or share your Personal Information, including no actual knowledge of any selling or sharing of the Personal Information of anyone under 16 years of age, and we retain your Personal Information as described under “how we store your personal information” section above.

If we collect and use your Personal Information as a Business Contact (or you are a “consumer or customer” as defined in California law) we further advise you that:

Your right to non-discrimination or retaliation: When you exercise any of your rights as detailed in this notice, we will not discriminate or retaliate against you.

Your right to limit use and disclosure of sensitive personal information:  We will only collect, use, or disclose your sensitive Personal Information to the extent it is necessary for the purposes set out in this notice, and we do not use your sensitive personal information to infer characteristics about you or for purposes beyond those specified under applicable law. You have the right to make this request, but there is no relevant activity to limit in response to such request.

Your right to opt-out of the sharing or selling of information:  We have not and do not “sell” your Personal Information nor “share” it for “cross-context behavioral advertising” (as each of those terms are defined under the California Consumer Privacy Act (“CCPA”)), including the Personal Information of those under the age of sixteen years. You have the right to make this request, but there is no relevant activity to opt you out of in response to such request.

Your right to use an authorized agent: You may designate an authorized agent to exercise any of these rights on your behalf. To designate an agent, please email a signed authorization to [email protected]

Please note that we currently do not respond to Do Not Track or other privacy preference signals, such as the Global Privacy Control given that we do not operate tracking technologies for the purposes of behavioral advertising or direct marketing.

International transfers of information

Due to the global nature of our business and the technologies we rely on, your Personal Information may be transferred, stored, or otherwise processed outside of the country of origin by and between us, our Agents, processors, or service providers for the purposes set out in this notice. All such transfers are conducted in accordance with the relevant legal requirements for the transfer and adequate protection of Personal Information outside of the UK or the originating jurisdiction, as applicable.

If you would like to know more about such transfers, please contact us using one of the contact methods given in the ‘About this notice and us’ section above.

How to complain

If you have any questions or concerns about our use of your Personal Information or if you would like to appeal any of our decisions in response to one of your requests, you may contact us by writing to:

Group Data Protection Officer, Lancashire Insurance Company (UK) Limited, 20 Fenchurch Street, London, EC3M 3BY, UK or email [email protected].

You also have the right to complain to an applicable supervisory authority (regulator) if you remain unhappy with how we have used your data or responded to your rights request. As we are based in the UK, our supervisory authority is:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, UK


Glossary of Terms

Agents – other companies in our Group of companies who operate as our agents for the purposes of quoting for, arranging and administering our insurance policies.

Business Contact – an individual about whom we may collect Personal Information (including contact and other personal details as necessary for maintaining a business relationship) in the process of quoting, arranging and administering insurance policies

Named Insured – the Named Insured shown in your Policy Declaration (and any other person or organization qualifying as a Named Insured under this Policy as defined in your Policy documentation)

Personal Information - information that relates to or describes an identified or identifiable individual, where that individual is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person