This notice explains what we do in relation to collecting, storing, and processing Personal Data. If you believe that we may hold Personal Data and you are the Data Subject you have various rights under relevant legislation including rights of access.
MGA Managers Limited is a Data Controller in certain circumstances. We are registered with the Information Commissioners Office (“ICO”) under registration number A8247089. The ICO is the UK’s independent authority set up to uphold information rights in the public interest. Their website can be found at https://ico.org.uk/
If we hold your personal data you are a Data Subject and have a number of rights UK data protection legislation including:
§ The right to be informed that your data is being collected. We do this by making this notice available to you and in limited circumstances where we ask for your written consent;
§ The right to access your personal data and know what data we hold. You should use the contact information below in the first instance and we will ask you for proof of identity as part of the process;
§ The right to rectification. If you believe that your personal data held by us is inaccurate you can ask us to correct the data;
§ The right to erasure. You can ask us to erase your personal data but please understand that there are circumstances where we will continue to be entitled to process your data and we will explain any relevant reasons at that time;
§ The right to restrict processing. You can ask us to restrict how we use your data;
§ The right to portability. You can ask us to provide your personal data in a format that can be transmitted to another data controller;
§ The right to object. You can object to a data controller processing your data, typically where it is used for marketing purposes. We do not use personal data for marketing;
§ Rights related to automated processing, typically related to automated decisions and profiling. We do not use personal data to automate our decisions without human intervention but you can ask is if we do this.
If you have further questions, wish to access your data, or wish to make a complaint you should contact steve.cole@mgaml.com in the first instance.
Further Information
This privacy notice does not extend to other sites accessible via links on this website. Where you access other websites via these links you should read the privacy notices contained on those sites and we can take no responsibility for personal data held or processed by the organisations concerned.
The information below describes the purposes and means by which we process personal data and the scope of use and sharing with other parties. The limitations on scope in relation to sharing with other parties do not apply where we are obliged by law or regulation to a party entitled to receive the personal data.
The personal data we hold, the purposes for which we hold it, and what we do with it will be different for different parties. Please see the headers below for more information.
People who visit our website
We use a third party service, Google Analytics, to collect details of website visitor patterns. We do this to understand which pages and information are of most interest to visitors to our site to enable us to update and develop the content on our site.
We do not hold any personal data about visitors to our website and our contract with Google Analytics does not permit them to do so either.
People who send emails to us
You should be aware that unless we have established Transport Layer Security (TLS) or other technical means, email traffic between us may be vulnerable to interception.
If an email you sent to us was intended for our sole use and that was made clear to us we will not share it with other parties or provide your contact details.
If an email was sent to us in connection with an insurance policy or claim where we are acting on behalf of you or your client we may share such emails with (re)insurers, or their agents, in connection with the relevant insurance policy or claim.
They will be Data Controllers with their own obligations and responsibilities in connection with processing your data and you should contact them directly. We will only share this information where it is necessary for dealing with a claim or fulfilling an insurance policy. We can provide you with details of firms with which we have shared your personal data if you request this from us.
People who complain to us
Our Terms of Business Agreements set out the process and contact points for dealing with complaints. Where we receive a complaint in relation to our services we will file that information together with other complaint details gathered by us in the course of investigating and resolving the complaint. This information and any Personal Data will not be shared with any other organisation.
Where we receive complaints about the services of another party; for example an insurer, we will pass details of the complaint, including any personal data provided to us, to the party responsible for the provision of the services. We will advise you where we do this. We will retain a summary of the complaint details for use in analysing the overall service experience of our clients and policyholders.
Policyholders
Whilst our activities are primarily concerned with placing insurance covers for commercial policyholders, in the course of quoting and placing insurance policies we may have been provided with personal data; for example details of the owners or directors of the firm.
We will only ever use this information in the course of activities necessary to enter into or fulfil an insurance contract and where required as part of the claims process. We will supply this information to insurers or their agents for these purposes but will otherwise not provide personal data to other parties.
We can provide you with details of firms with which we have shared your personal data if you request this from us.
Claimants
In the course of collecting information to provide (re)insurers, or their agents or administrators, with the information needed to enable them to administer or agree to pay a claim, we may be provided with additional personal data where the claim is on behalf of the persons that purchased or are named in the policy.
We may also be provided with personal data, including sensitive or medical data, by third parties alleging that they have suffered an injury or other loss caused by the policyholder.
We will only ever use personal data obtained and processed as part of the claims process for the purpose of recording, communicating with (re)insurers or their agents or administrators, or, with respect to our own administration activities, to resolve the claim.
We can provide you with details of firms with which we have shared your personal data if you request this from us.
Agents, Producing Brokers, and (Re) insurers
In the course of our dealings we may be provided with personal data relating to the owners, directors, managers, and other individuals in your organisation including email addresses and telephone numbers.
This information will only be held and processed in connection with efficiently managing our business relationship and in that respect will be shared with those of our employees involved in the business between us.
People employed by us
We need to hold a range of personal data related to employees, provided by employees, and also gathered in the course of employment.
We will have informed you in detail about the personal data we hold or expect to hold, the purposes for which it is processed, and asked you to consent in writing to your personal data being held and processed in this way. We will also have told you about your various rights under the legislation.
We hold your data on the basis of consent unless that consent has been withdrawn by you and when we obtained your consent we will have explained how long we will normally hold the data. If you have not retained a copy of the Consent Notice you can obtain a copy by contacting steve.cole@mgaml.com.
People in contact with us about employment
If you, or your agent; e.g. a recruitment firm have been in contact with us in relation to a possible position that did not result in you taking up a position with us, certain personal data will have been shared with you.
If you sent the personal data directly to us we will have acted on the basis that you consented to us holding and processing the data for the purpose of a potential job role. If the personal data was sent to us by an organisation to whom you provided the personal data in relation to employment we will similarly have acted on the basis that you consented to the data being provided.
Our policy is to destroy all such personal data within two months of receipt unless we are at that time actively in discussions about a possible specific employment role.