Skip to main content
QBE Insurance, Nederland

Privacy Policy

We process personal information in order to be able to provide our customers with the best possible service/product. We always ensure we have a legitimate purpose and appropriate legal basis to hold personal information. We strive to maintain the highest possible data protection standards and to handle all data with the upmost care and we will only use your data in a safe and ethical way.

Our Privacy Policy

Your trust is important to us, so we want you to be aware of our Privacy Policy which explains how we collect, store and handle your personal information. ‘Personal information’ in this Privacy Policy has the same meaning as ‘personal data’ in the EU General Data Protection Regulation 2016/679/EU (GDPR) and equivalent UK legislation. Essentially, it means any information which is connected to a living individual who can be identified from that information, either by itself or when combined with other data which might come into our possession. Information about individuals acting as sole traders and certain partnerships, where they are individually identifiable, and the information relates to them as an individual may also constitute personal data.

Report a Data Breach

If you suspect data about QBE EO’s customers, staff or other contacts has been inappropriately disclosed or you find QBE EO property which may contain confidential or personal information, please let our Data Protection Team know as soon as possible by completing our Data Breach Form.

Fair Processing Notice

QBE Europe SA/NV ("QBE" or “we” or “us”) is committed to ensuring your privacy is protected. This Fair Processing Notice (the “Notice”) sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this Notice carefully. When using our QBE website, this Notice should be read alongside the website terms and conditions.

QBE is part of a wider group of companies, the QBE Insurance Group, one of the world’s leading international insurers and reinsurers. As a business insurance specialist, we offer a range of insurance products from the standard suite of property, casualty and motor to the specialist financial lines, marine and energy. All are tailored to the individual needs of our small, medium and large client base.

To enable us to provide insurance services, including providing a quote and then insurance, and dealing with any claims or complaints that might arise, we need to collect and process personal data. This makes us a data controller, as defined by the General Data Protection Regulation (the “GDPR”) for any personal data that you provide to us which makes us responsible for complying with data protection laws.

The specific company acting as a data controller of your personal data will be listed in the documentation, we provide to you. If you are unsure about who the data controller of your personal data is, you can also contact us at any time using the contact details set out in section 9.

The types of personal data that we collect and our uses of that personal data will depend on your relationship with us. For example, we will collect different personal data depending on whether you are a policyholder, a beneficiary or a third party covered by an insurance policy we provide, a website user, a claimant, a witness, a broker, an expert or another third party.

Sometimes we will request, or receive, some of your "sensitive personal data". Sensitive personal data is information that relates to your health, genetic or biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. For example, we may need access to information about your health in order to provide you with a quote, provide your insurance policy, or process any claims you make. We may also need details of any unspent criminal convictions you have for fraud prevention purposes or to carry out money laundering checks. We won't actively collect sensitive personal data about your sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership although it is possible that this could be disclosed indirectly in certain circumstances when answering our questions.

Where you provide personal data to us about other individuals (forexample: members of your family or your employees) we will also be data controller of, and responsible for, their personal data. You should refer them to this Notice.

In order to make this Notice as user-friendly as possible, we have split it into different sections. Please click on the section below that best describes your relationship with us.

Prospective policyholders or beneficiaries

If you apply for an insurance policy with us or where someone else (such as your employer) applies for an insurance policy which will benefit you, this section will be relevant to you and sets out our uses of your personal data.

What personal data will we collect?

  • Your name, address, date of birth and gender;
  • Contact information such as your telephone numbers and email addresses;
  • Financial information such as your bank details, payment details and information obtained as a result of our credit checks such as bankruptcy orders, individual voluntary arrangements or court judgments.
  • Information about your relationship to the policyholder where you are the beneficiary.
  • Information relating to your identity such as your social security identification number, passport or ID card number, vehicle registration number or driving licence number.
  • Information about your job such as your job title, employment history and employment records (including information on your salary, benefits and earnings), education history and professional accreditations.
  • Information which we obtain as part of checking sanctions lists.
  • Additional information which is relevant to the insurance application such as previous insurance policies you have held and claims you have made. This will also include any information specific to the type of policy application. For example:
    • If you are applying for a property protection policy, we may collect and use information which relates to your property.
    • If a third party (such as your employer) is applying for a professional liability policy which covers you, we may collect and use personal data which relates to previous disciplinary issues.
  • Information which we have gathered from publicly available sources, such as internet search engines like Google, the commercial register ("KVK", Government department websites and social media sites including: Facebook, YouTube and/or LinkedIn.
  • Information obtained through our use of cookies. You can find out more information about this in section 9.

What sensitive personal data will we collect?

  • Details about your criminal convictions and any related information, to the extent permitted in your jurisdiction. This will include information relating to any offences or alleged offences you have committed and any caution, court sentence or criminal sentence which you are or have been subject to, for example: if you have applied for motor fleet cover, we will request to know about any motoring convictions your employees have.
  • About your physical and mental health which are relevant to the insurance application (e.g. if you take out, or are covered by, a personal accident and travel policy, we may need details of pre-existing medical conditions or, where you apply for a motor policy, we will ask about any medical conditions which cause you as the driver to have a restricted driving licence). This may take the form of medical reports or underlying medical data such as x-rays or blood tests.
  • Information relating to your identity such as your national insurance number
  • Whilst we do not actively collect other sensitive personal data, there may be some circumstances where you disclose sensitive personal data when answering our questions.

How will we collect your personal data?

We will collect personal data directly from you when you:

  • apply for a policy;
  • are provided with a quotation;
  • use any of the QBE Group websites;
  • contact us to make a complaint;
  • contact us by email, telephone and through other written and verbal communications, including our online live chat facility via our e-trading platform; and
  • request information about our products and services or subscribe to a newsletter or bulletin.

We will also collect personal data from:

  • the applicant (where you are a beneficiary or named under an insurance policy);
  • third parties involved in the insurance application process (such as our business partners and representatives, brokers or other insurers);
  • publicly available sources such as internet search engines like Google, the commercial register ("KVK"), Government department websites and social media sites including: Facebook, YouTube and/or LinkedIn;
  • fraud prevention and detection agencies;
  • other companies within the QBE Group; and
  • credit reference agencies.

What will we use your personal data for?

We may use your personal data for a number of different purposes. In each case, we must have a legal basis to do so, meaning we must justify each use of your personal data. We will rely on the following legal basis, when we process your personal data: we can rely on one, or more, of the following legal basis:

  • We need to use your personal data to enter into or perform the insurance contract that we hold with you. For example, we need to use your personal data to provide you with a quote;
  • We are subject to a legal or regulatory obligation to use such personal data. For example, our regulators require us to hold certain records of our dealings with you;
  • We need to use your personal data for a legitimate interest (e.g. to keep a record of the decisions we make when different types of applications are made, to keep business and accounting records, manage our business operations and to develop and improve our products and services). When using your personal data for these purposes, we will always consider your rights and interests.

When the personal data that we process is classed as sensitive personal data, we must rely on an additional legal basis. In such case, we will rely on the following legal basis:

  • We need to use your sensitive personal data to prevent and detect unlawful acts and there is a substantial public interest in such use.
  • We need to use your sensitive personal data to establish, exercise or defend legal claims. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • You have provided your consent to our use of your sensitive personal data (e.g. in relation to your marketing preferences). In some circumstances, we may need your consent to process sensitive personal data. Without it, we may be unable to offer you an insurance policy. You can withdraw your consent at any time unless we are required to keep on processing it. In such cases, we will always explain why your consent is necessary. You can refer to section 8 for more information.
Purpose for processing Legal basis for using your personal data Legal basis for using your sensitive personal data

To set you up as a policyholder including carrying out fraud, sanctions, credit and anti-money laundering checks.
  • It is necessary to enter into your insurance contract.
  • We are subject to a relevant legal or regulatory obligation.
  • We have a legitimate interest (to assess the insurance application).
  • It is in the substantial public interest to prevent or detect unlawful acts.
  • We need to establish, exercise or defend legal claims.
  • You have given us your explicit consent.

To evaluate your insurance application and provide a quote.
  • It is necessary to enter into or perform your insurance contract.
  • We are subject to a relevant legal or regulatory obligation.
  • We have a legitimate interest (to assess the insurance application and provide you with a quote).
  • You have given us your explicit consent.

Communicating with you and resolving any complaints that you might have.
  • It is necessary to enter into or perform your insurance contract.
  • We have a legitimate interest (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately).
  • We need to use your personal data in order to establish, exercise or defend legal claims.
  • You have given us your explicit consent.

Complying with legal or regulatory obligations we are subject to.
  • We are subject to a relevant legal or regulatory obligation.
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice).
  • We are subject to a relevant legal or regulatory obligation.
  • We have a legitimate interest (to effectively manage our business operations).
  • You have given us your explicit consent.
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Monitoring applications, reviewing, assessing, tailoring and improving our products and services and similar products and services offered by the QBE Group.
  • We have a legitimate interest (to develop and improve the products and services offered by QBE or the QBE Group).
  • You have given us your explicit consent.

Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems.
  • We have a legitimate interest (to ensure the integrity and security of our systems).
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Transferring or selling part of our business or re-organising our company structure.

  • We have a legitimate interest (to manage our business portfolio and re-organise our company).
    We are subject to a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

Who will we share your personal data with?

We will keep your personal data confidential and we will only share it where necessary for the purposes set out above with the following parties:

  • Other QBE Group companies for our general administration purposes or for the prevention and detection of fraud.
  • Our insurance partners such as brokers, sub-brokers, cover holders, other insurers, reinsurers or other companies who act as insurance distributors.
  • Third parties who assist in the administration of your insurance application. These include surveyors, valuers and other experts.
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Third parties who provide sanctions checking services.
  • Insurance industry bodies.
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • Our regulators including the UK Financial Conduct Authority, the UK Prudential Regulation Authority, the National Bank of Belgium, the Dutch Central Bank and the Dutch Financial Market Authority (Autoriteit Financiële Markten).
  • The police, other third parties or (law) enforcement agencies, or supervisory authorities where reasonably necessary for the prevention or detection of crime or necessary to comply with (information) requests.
  • Credit reference agencies.
  • Third party suppliers we appoint to help us carry out our everyday business activities such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers and/or tax advisers.
  • Third parties who undertake analysis for the purposes of product improvement.
  • Selected third parties in connection with any sale, transfer or disposal of our business.

Policyholder or beneficiary under an insurance policy

If you take out an insurance policy with us (e.g. a business interruption policy) or if you are listed as an applicant or beneficiary under a policy that someone else has with us (such as a named solicitor under a professional indemnity policy), this section will be relevant to you and sets out our uses of your personal data.

What personal data will we collect?

  • Your name, address, date of birth and gender.
  • Contact information such as your telephone numbers and email addresses.
  • Financial information such as your bank details, payment details and information obtained as a result of our credit checks such as bankruptcy orders, individual voluntary arrangements or court judgments.
  • Information about your relationship to the policyholder where you are the beneficiary and/or not the policyholder.
  • Information relating to your identity such as your national insurance number passport number, vehicle registration number or driving licence number.
  • Information about your job such as job title, employment history and employment records, (including information on your salary, benefits and earnings), education history and professional accreditations.
  • Information which we obtain as part of checking sanctions lists.
  • Information relevant to your insurance policy. This will depend on the nature of the policy but could include details relating to your property or business activities.
  • Information relevant to your claim or your involvement in the matter giving rise to a claim. For example, if you make a claim following a road traffic accident, we may use personal data relating to your vehicle and named drivers.
  • Information relating to your previous policies or claims.
  • Information which we obtain as part of checking sanctions lists.
  • Information which we have gathered from publicly available sources such as internet search engines like Google, the commercial register ("KVK"), Government department websites and social media sites, including Facebook, YouTube and/or LinkedIn.
  • Information obtained through our use of cookies. You can find out more information about this in section 9.

What sensitive personal data will we collect?

  • Details about your criminal convictions and any related information, to the extent permitted in your jurisdiction. This will include information relating to any offences or alleged offences you have committed and any caution, court sentence or criminal sentence which you are or have been subject to.
  • Details about your physical and mental health which are relevant to your policy or claim (e.g.if you take out, or are covered by, a travel policy, we may need details of pre-existing medical conditions). This may take the form of medical reports or underlying medical data such as x-rays or blood tests.
  • Information relating to your identity such as your national insurance number
  • We may also collect other sensitive personal data in limited circumstances where relevant to a claim.

How will we collect your personal data?

We will collect personal data directly from you when you:

  • apply for or renew a policy;
  • you are provided you with a quotation;
  • make a claim on your policy or via the administration of a claim, or we are notified of an incident relevant to a policy;
  • respond to a customer survey;
  • use any of the QBE websites;
  • contact us by email, telephone (including our telephone helpline) and through other written and verbal communications, including our online live chat facility via our e-trading platform;
  • request information about our products and services or subscribe to a newsletter or bulletin; or
  • make a complaint.

We will also collect personal data from:

  • The named policyholder where you are a beneficiary;
  • Third parties involved in your insurance policy or claim (such as our business partners and representatives, brokers, sub-brokers, other insurers, claimants, defendants, witnesses or other individuals who provide us with information in relation to an incident);
  • Other third parties who provide a service in relation to your insurance policy or claim such as loss adjusters, claims handlers, lawyers, experts (including medical experts and medical reports), healthcare and rehabilitation providers and other service providers;
  • Emergency assistance and medical services providers;
  • Claims services providers;
  • Publicly available sources such as internet search engines like Google, the commercial register ("KVK"), Government department websites and social media sites, including Facebook, YouTube and/or LinkedIn.
  • Other companies within the QBE Group;
  • Credit reference agencies;
  • Insurance industry and other fraud prevention and detection databases and sanctions screening tools such as the Insurance Fraud Bureau;
  • Insurance industry databases, the Dutch Authority for the Financial Markets ("AFM"), the UK and the UK Prudential Regulation Authority;
  • The police where they have provided us with information and other law enforcement agencies;
  • From government agencies such as, the Ministry of Justice and Security, the Public Prosecution Service, and the Dutch Central Bank ("DNB") Sanctions;
  • Professional regulators such as the competent medical council, competent solicitors regulation authority; or
  • Selected third parties in connection with any sale, transfer or disposal of our business.

What will we use your personal data for?

We may use your personal data for a number of different purposes. In each case, we must have a legal basis to do so, meaning we must justify each use of your personal data. We will rely on the following legal basis, when we process your personal data:

  • We need to use your personal data to enter into or perform the insurance contract that we hold with you. For example: we need to use your personal data to provide you with your insurance policy and other associated products (e.g. legal expenses cover). We will rely on this for activities such as handling and paying your insurance claims or preventing and detecting fraud.
  • We are subject to a legal or regulatory obligation to use such personal data. For example: our regulators require us to hold certain records of our dealings with you.
  • We need to use your personal data for a legitimate interest (e.g. to properly investigate incidents which you are the subject of a claim, to keep business and accounting records, manage our business operations or to develop and improve our products and services). When using your personal data for these purposes, we will always consider your rights and interests.

When the personal data that we process is classed as sensitive personal data, we must rely on an additional legal basis. We will rely on the following legal basis when we process your sensitive personal data:

  • We need to use sensitive personal data for the purposes of preventing and detecting unlawful acts and/or there is a substantial public interest in such use.
  • We need to use such sensitive personal data to establish, exercise or defend legal claims. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
  • You have provided your consent to our use of your sensitive personal data (e.g. in relation to your marketing preferences). In some circumstances, we may need your consent to process sensitive personal data (e.g. health information). You can withdraw your consent at any time unless we are required to keep on processing it. For example, we may need your consent to process your personal data because otherwise we may be unable to provide your policy or handle claims. In such cases, we will always explain why your consent is necessary. You can refer to section 8 for more information.

Purpose for processing

Legal basis for using your personal data

Legal basis for using your sensitive personal data

To administer and manage the insurance policy.

It is necessary to enter into or perform your insurance contract.

We are subject to a relevant legal or regulatory obligation.

We have a legitimate interest (to properly manage the insurance policy).
  • You have given us your explicit consent.

Handling and paying insurance claims.
  • It is necessary to enter into or perform your insurance contract.
  • We are subject to a relevant legal or regulatory obligation.
  • We have a legitimate interest (to assess and pay your claim and handle the claims process).
  • You have given us your explicit consent.
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Prevention and detection of and investigating and prosecuting fraud and sanctions checking. This might include sharing your personal data with third parties such as the police, and other insurance and financial services providers and insurance industry databases.
  • It is necessary to enter into or perform your insurance contract.
  • We are subject to a relevant legal or regulatory obligation.
  • We have a legitimate interest (to prevent, detect and prosecute fraud and other financial crime).
  • It is in the substantial public interest to prevent or detect unlawful acts.
  • We need to use your personal data in order to establish, exercise or defend legal claims .
  • You have given us your explicit consent.

Complying with legal or regulatory obligations which we are subject to.
  • We are subject to a relevant legal or regulatory obligation.
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Communicating with you and resolving any complaints that you might have.
  • It is necessary to enter into or perform your insurance contract.
  • We are subject to a relevant legal or regulatory obligation.
  • We have a legitimate interest (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately).
  • We need to use your personal data in order to establish, exercise or defend legal claims.
  • You have given us your explicit consent.

Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice).
  • We have a legitimate interest (to effectively manage our business operations).
  • We are subject to a relevant legal or regulatory obligation.
  • You have given us your explicit consent.
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Monitoring applications, reviewing, assessing, tailoring and improving our products and services and similar products and services offered by the QBE Group.
  • We have a legitimate interest (to develop and improve the products and services offered by QBE or by the QBE Group).
  • You have given us your explicit consent.

Tracing and recovering debt.
  • We have a legitimate interest (to trace and recover debt that is owed to us).
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems).
  • We have a legitimate interest (to ensure the integrity and security of our systems).
  • We need to use your personal data in order to establish, exercise or defend legal claims.

To apply for and claim on our own insurance.
  • We have a legitimate interest (to ensure that we have appropriate insurance in place).
  • We need to use your personal data in order to establish, exercise or defend legal claims.
  • You have given us your explicit consent.

Transferring or selling part of our business or re-organising our company structure.
  • We have a legitimate interest (to manage our business portfolio and re-organise our company).
  • We are subject to a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

Who will we share your personal data with?

We will keep your personal data confidential, and we will only share it where necessary for the purposes set out above with the following parties.

  • Other QBE Group companies for our general administration purposes, marketing purposes in accordance with the preferences you have expressed or for the prevention and detection of fraud.
  • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
  • Third parties who assist in the administration of insurance policies or the handling of claims. These include loss adjusters, claims handlers, accountants, auditors, banks, lawyers and other experts including medical experts.
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Third parties who provide sanctions checking services.
  • Insurance industry bodies.
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • Health providers (for example, a hospital which is responsible for any treatment you receive through the policy or a rehabilitation provider).
  • Our regulators including the UK Financial Conduct Authority, the UK Prudential Regulation Authority and The Dutch Authority for the Financial markets ("Autoriteit financiële markten").
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
  • Debt collection agencies.
  • Credit reference agencies.
  • Our third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
  • Third parties who undertake analysis for the purposes of product improvement.
  • Selected third parties in connection with any sale, transfer or disposal of our business.
  • Government departments.
  • Policyholders, for the purposes of claims review meetings and discussing claims experiences.

Third party claimant and prospective claimants and third parties under commercial insurance policies

If you make a claim, or are intending to make a prospective claim, against a third party who has an insurance policy with us, this section will be relevant to you and sets out our uses of your personal data.

What personal data will we collect?

  • Your name, address, date of birth and gender.
  • Contact information such as your telephone numbers and email addresses.
  • Financial information such as your bank details, payment details and information obtained as a result of our credit checks such as bankruptcy orders, individual voluntary arrangements or court judgments.
  • Information relating to your identity such as your national insurance number, passport or ID card number, vehicle registration number or driving licence number.
  • Information about your job such as job title, employment history and employment records (including information on your salary, benefits and earnings), education history and professional accreditations.
  • Information relating to previous insurance policies you have held and claims you have made.
  • Information relevant to your claim or your involvement in the matter giving rise to a claim. Forexample: if you make a claim following a road traffic accident, we may use personal data relating to your vehicle and named drivers.
  • Information relating to your previous claims.
  • Information which we obtain as part of checking sanctions lists.
  • Information we have obtained from insurance industry databases;
  • Information which we have gathered from publicly available sources such as internet search engines like Google, the commercial register ("KVK"), Government department websites and social media sites, including Facebook, YouTube and/or LinkedIn.

What sensitive personal data will we collect?

  • Details about your criminal convictions and any related information, to the extent permitted in your jurisdiction. This will include information relating to any offences or alleged offences you have committed and any caution, court sentence, or criminal sentence which you are or have been subject to.
  • Details about your physical and mental health which are relevant to your claim (e.g. because you have been injured whilst at a property insured by us). This may take the form of medical reports or underlying medical data such as x-rays or blood tests.
  • Information relating to your identity such as your national insurance number.
  • We may also collect other sensitive personal data, in limited circumstances, where relevant to a claim.

How will we collect your personal data?

As well as obtaining information directly from you, we may collect personal data from:

  • The party who holds a policy with us.
  • Third parties involved in the insurance policy or claim (such as our business partners and representatives, brokers, sub-brokers, other insurers, claimants, defendants, witnesses or other individuals who provide us with information in relation to an incident).
  • Other third parties who provide a service in relation to your claim such as loss adjusters, claims handlers, solicitors and professional experts (including medical experts), healthcare and rehabilitation providers and other service providers.
  • Emergency assistance and medical services providers.
  • Claims services providers.
  • Publicly available sources such as internet search engines like Google, the commercial register ("KVK"), Government department websites and social media sites, including Facebook, YouTube and/or LinkedIn.
  • Other companies within the QBE Group.
  • Insurance industry and other fraud prevention and detection databases and sanctions screening tools such as the Insurance Fraud Bureau, Absolute, Validus, HMT Sanctions and contracted vendor data wash tools.
  • Insurance industry databases.
  • The police where they have provided us with information and other law enforcement agencies.
  • Government agencies;
  • Professional regulators such as the competent medical council, Health Council of the Netherlands and the Netherlands Bar Association, competent solicitors regulation authority.

What will we use your personal data for?

We may use your personal data for a number of different purposes. In each case, we must have a legal basis to do so, meaning we must justify each use of your personal data. We will rely on the following legal basis , when we process your personal data:

  • We are subject to a legal or regulatory obligation to use such personal data. For example: our regulators require us to hold certain records of our dealings with you.
  • We need to use your personal data for a legitimate interest (e.g. to properly investigate incidents which are the subject of a claim, to keep business and accounting records, manage our business operations and to develop and improve our products and services). When using your personal data for these purposes, we will always consider your rights and interests.

When the personal data that we process is classed as sensitive personal data, we must rely on an additional legal basis. We will rely on the following legal basis when we process your sensitive personal data:

  • We need to use sensitive personal data for the purposes of preventing and detecting unlawful acts or there is a substantial public interest in such use.
  • We need to use such sensitive personal data to establish, exercise or defend legal claims. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or we are considering the claim that has been made against our policyholder.
  • You have provided your consent to our use of your personal data. In some circumstances, we may need your consent to process sensitive personal data (e.g. health information). You can withdraw your consent at any time unless we are required to keep on processing it. For example: we may need your consent to process your personal data because otherwise we may be unable to handle your claims. In such cases, we will always explain why your consent is necessary. You can refer to section 8 for more information.
Purpose for processing Legal basis for using your personal data< Legal basis for using your sensitive personal data

Handling and paying claims.
  • We have a legitimate interest (to assess and pay your claim and handle the claims process).
  • We need to use your personal data in order to comply with our legal obligations.
  • We need to use your personal data in order to establish, exercise or defend legal claims.
  • You have given us your explicit consent.

Prevention and detection of and investigating and prosecuting fraud and sanctions checking. This might include sharing your personal data with third parties such as the police, and other insurance and financial services providers and insurance industry databases.
  • We have a legitimate interest (to prevent, detect and prosecute fraud and other financial crime).
  • We are subject to a relevant legal or regulatory obligation.
  • It is in the substantial public interest to prevent or detect unlawful acts.
  • We need to use your personal data in order to establish, exercise or defend legal claims .
  • You have given us your explicit consent.

Complying with legal or regulatory obligations which we are subject to.
  • We are subject to a relevant legal or regulatory obligation.
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Communicating with you and resolving any complaints that you might have.
  • We are subject to a relevant legal or regulatory obligation.
  • We have a legitimate interest (to send you communications, record and investigate complaints and ensure that future complaints are handled appropriately).
  • We need to use your personal data in order to establish, exercise or defend legal claims.
  • You have given us your explicit consent.

Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice). For business processes and activities including analysis, review, planning and business transaction.
  • We have a legitimate interest (to effectively manage our business operations).
  • We are subject to a relevant legal or regulatory obligation.
  • You have given us your explicit consent.
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Tracing and recovering debt.
  • We have a legitimate interest (to trace and recover debt that it is owed to us)
  • We need to use your personal data in order to establish, exercise or defend legal claims.

To apply for and claim on our own insurance.
  • We have a legitimate interest (to ensure that we have appropriate insurance in place).
  • We need to use your personal data in order to establish, exercise or defend legal claims.
  • You have given us your explicit consent.

Investigating or detecting the unauthorised use of our systems, to secure our systems and to ensure the effective operation of our systems).
  • We have a legitimate interest (to ensure the integrity and security of our systems).
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Transferring or selling part of our business or re-organising our company structure.
  • We have a legitimate interest (to manage our business portfolio and re-organise our company).
  • We are subject to a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

Who will we share your personal data with?

We will keep your personal data confidential and we will only share it where necessary for the purposes set out above with the following parties.

  • Other QBE Group companies for our general administration purposes, marketing purposes in accordance with the preferences you have expressed or for the prevention and detection of fraud.
  • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
  • Third parties who assist in the administration of your claim such as loss adjusters, claims handlers, accountants, auditors, banks, lawyers and other experts including medical experts.
  • Other insurers (e.g. where another insurer is also involved in a claim that you are making).
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Third parties who provide sanctions checking services.
  • Insurance industry bodies.
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • Health providers (for example, a hospital which is responsible for any treatment you receive through the policy or a rehabilitation provider).
  • Our regulators including the Dutch Authority for the Financial Markets (“Autoriteit financiële markten”), the UK Financial Conduct Authority and the UK Prudential Regulation Authority.
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
  • Our third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
  • Selected third parties in connection with any sale, transfer or disposal of our business.
  • Government departments.

Witnesses to an incident or other individuals who provide us with information in relation to an incident

If you are a witness to an incident or an individual who otherwise provides us with personal data in relation to an incident which is the subject of a claim, this section will be relevant to you and sets out our uses of your personal data.

What personal data will we collect?

  • Your name, address, date of birth and gender.
  • Contact information such as your telephone numbers and email addresses.
  • Personal data relevant to the incident that you have witnessed.
  • Personal data which we have gathered from publicly available sources such as internet search engines like Google, the commercial register ("KVK", Government department websites and social media sites, including Facebook, YouTube and/or LinkedIn.

What sensitive personal data will we collect?

We do not routinely process sensitive personal data of witnesses. However, we may do so if it is relevant to the incident that you have witnessed (for example: if you have a health condition which may affect your witness statement).

How will we collect your personal data?

As well as obtaining personal data directly from you, we will collect personal data from:

  • Third parties involved in the incident you witnessed (such as brokers, sub-brokers, other insurers, claimants, defendants, other witnesses or other individuals who provide us with information in relation to an incident).
  • Other third parties who provide a service in relation to the claim which relates to the incident you witnessed such as loss adjusters, claims handlers, and experts (including medical experts), healthcare and rehabilitation providers and other service providers.
  • Publicly available sources such as internet search engines like Google, the commercial register ("KVK"), Government department websites and social media sites, including Facebook, YouTube and/or LinkedIn.
  • Other companies within the QBE Group.

What will we use your personal data for?

We may use your personal data for a number of different purposes. In each case, we must have a legal basis to do so. We will rely on the following legal basis when we process your "personal data":

  • We are subject to a legal or regulatory obligation to use such personal data. For example: our regulators require us to hold certain records of our dealings with you.
  • We need to use your personal data for a legitimate interest (e.g. to properly investigate incidents which are the subject of a claim, to keep business and accounting records, managing our business operations and to develop and improve our products and services). When using your personal data for these purposes, we will always consider your rights and interests.

When the personal data that we process is classed as sensitive personal data, we must rely on an additional legal basis. We will rely on the following legal basis when we process your "sensitive personal data":

  • We need to use such sensitive personal data to establish, exercise or defend legal claims. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
  • You have provided your consent to our use of your sensitive personal data. You can withdraw your consent at any time unless we are required to keep on processing it. In such cases, we will always explain why your consent is necessary. You can refer to section 8 for more information.
Purpose for processing Legal basis for using your personal data Legal basis for using your sensitive personal data

Handling and paying claims.
  • We have a legitimate interest (to assess and pay claims and handle the claims process).
  • We are subject to a relevant legal or regulatory obligation.
  • We need to use your personal data in order to establish, exercise or defend legal claims.
  • You have given us your explicit consent.

Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice). For business processes and activities including analysis, review, planning and business transactions.
  • We have a legitimate interest (to effectively manage our business operations).
  • We are subject to a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

Complying with legal or regulatory obligations which are subject to.
  • We are subject to a relevant legal or regulatory obligation.
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Prevention and detection of and investigating and fraud. This might include sharing your personal data with third parties such as the police, and other insurance and financial services providers and insurance industry databases.
  • We have a legitimate interest (to prevent and detect fraud and other financial crime).
  • We are subject to a relevant legal or regulatory obligation.
  • We need to use your information in order to establish, exercise or defend legal claims.
  • You have given us your explicit consent.

Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems)
  • We have a legitimate interest (to ensure the integrity and security of our systems).
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Transferring or selling part of our business or re-organising our company structure.
  • We have a legitimate interest (to manage our business portfolio and re-organise our company).
  • We are subject to a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

Who will we share your personal data with?

We will keep your personal data confidential and we will only share it where necessary for the purposes set out above with the following parties:

  • Other QBE Group companies for our general administration purposes or for the prevention and detection of fraud.
  • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
  • Third parties who assist in the administration of the insurance policy or claim. These include loss adjusters, claims handlers, accountants, auditors, banks, lawyers and other experts including medical experts.
  • Other insurers (e.g. where another insurer is also involved in the claim which relates to the incident you witnessed).
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • Our regulators including the Dutch Authority for the Financial Markets ("Autoriteit financiële markten").
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
  • Our third-party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
  • Selected third parties in connection with any sale, transfer or disposal of our business.

Brokers, sub-brokers appointed representatives and other business partners, such as lawyers and claims handlers

If you are a broker or sub-broker doing business with us, an appointed representative or another business partner such as a lawyer or claims handler, this section will be relevant to you and sets out our uses of your personal data.

What personal data will we collect?

  • Your name, address, date of birth and gender.
  • Contact information such as your telephone numbers and email addresses.
  • Personal data about your job such as job title and previous roles.
  • Personal data which we obtain as part of checking sanctions lists.
  • Personal data which we have gathered from publicly available sources such as internet search engines like Google, the commercial register ("KVK"), Government department websites and social media sites, including Facebook, YouTube and/or LinkedIn.

What sensitive personal data will we collect?

  • Personal data relating to your criminal convictions (including offences and alleged offences and any court sentence or unspent criminal convictions), to the extent permitted in your jurisdiction.

How will we collect your information?

As well as obtaining personal data directly from you, we will collect personal data from:

  • Other QBE Group companies.
  • Publicly available sources such as internet search engines like Google, the commercial register ("KVK"), Government department websites and social media sites, including Facebook, YouTube and/or LinkedIn.
  • From service providers who carry out sanctions checks.

What will we use your personal data for?

We may use your personal data for a number of different purposes. In each case, we must have a legal basis to do so, meaning we must justify each use of your personal data. We will rely on the following legal basis when we process your personal data:

  • We need to use your personal data to enter into or perform the contract that we hold with you. For example: we may need certain information in order to operate our business partnership arrangement.
  • We are subject to a legal or regulatory obligation to use such personal data. For example: we may be required to carry out certain background checks.
  • We need to use your personal data for a legitimate interest (e.g. to keep business and accounting records, manage our business operations and to improve quality, training and security). When using your personal data for these purposes, we will always consider your rights and interests.

When the personal data that we process is classed as sensitive personal data, we must rely on an additional legal basis. We will rely on the following legal basis when we process your sensitive personal data:

  • We need to use your sensitive personal data to establish, exercise or defend legal claims. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
  • You have provided your consent to our use of your sensitive personal data. You can withdraw your consent at any time unless we are required to keep on processing it. In such cases, we will always explain why your consent is necessary. You can refer to section 8 for more information.
Purpose for processing Legal basis for using your personal data Legal basis for using your sensitive personal data

Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice). For business processes and activities including analysis, review, planning and business transaction.
  • We have a legitimate interest (to effectively manage our business operations).
  • We are subject to a relevant legal or regulatory obligation.
  • You have given us your explicit consent.
  • We need to use your personal data in order to establish, exercise or defend legal claims.

To provide key business services such as policy and claims administration.
  • We have a legitimate interest (to effectively provide insurance services and rely on the expertise of other third parties to assist).
  • Not applicable.

To build and maintain our business relationships
  • We have a legitimate interest (to build strong business relationships and manage such relationships).
  • Not applicable.

To communicate with you and provide you with marketing communications.
  • We have a legitimate interest (to operate and develop our business).
  • Not applicable.

Complying with legal or regulatory obligations which we are subject to.
  • We need to use your personal data in order to comply with our legal obligations.
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Communicating with you to manage and handle your queries.
  • We have a legitimate interest (to send you communications to effectively manage our business and respond to your queries).
  • It is necessary to enter into or perform our contract with you.
  • Not applicable.

Investigating or detecting the unauthorised use of our systems, to secure our systems and to ensure the effective operation of our systems).
  • We have a legitimate interest (to ensure the integrity and security of our systems).
  • We need to use your personal data in order to establish, exercise or defend legal claims.

Transferring or selling part of our business or re-organising our company structure.
  • We have a legitimate interest (to manage our business portfolio and re-organise our company).
  • We have a relevant legal or regulatory obligation.
  • You have given us your explicit consent.

Who will we share your personal data with?

We will keep your personal data confidential and we will only share it where necessary for the purposes set out above with the following parties:

  • Our policyholders and other third parties such as claimants where relevant.
  • Other QBE Group companies for our general administration purposes, marketing purposes in accordance with the preferences you have expressed or for the prevention and detection of fraud.
  • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
  • Third parties who assist in the administration of the insurance policy or claim. These include loss adjusters, claims handlers, accountants, auditors, banks, lawyers and other experts including medical experts.
  • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
  • Third parties who provide sanctions checking services.
  • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
  • Our regulators including the Dutch Authority of the Financial Markets ("Autoriteit financiële markten") .
  • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
  • Our third-party service providers such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
  • Selected third parties in connection with any sale, transfer or disposal of our business.

Users of the QBE websites

If you are a user of the QBE websites, this section will be relevant to you and sets out our uses of your personal data.

What personal data will we collect?

  • General information submitted via the website, for example where you provide your details via the contact us section such as your name, contact details (telephone numbers and email addresses) and company name.
  • Information submitted through the claim reporting tool for motor incidents including names of drivers, injured persons, witnesses, police and insurer details, dates of birth and contact details including address, phone number and email address.
  • Information obtained through our use of cookies. You can find more information about this in section 9.

What sensitive personal data will we collect?

personal data submitted through the claim reporting tool for motor incidents including:

  • Details about criminal convictions and any related information. This will include personal data relating to any offences or alleged offences committed and any caution, court sentence, or criminal sentence which you or your drivers are or have been subject to.
  • Details about known medical conditions.
  • Details of any injuries which have been suffered by a beneficiary or a third party.

How will we collect your personal data?

We will collect your personal data directly from our website.

What will we use your personal data for?

We may use your personal data for a number of different purposes. In each case, we must have a legal basis to do so, meaning we must justify each use of your personal data. We will rely on the following legal basis, when we process your personal data:

  • We need to use your personal data for a legitimate interest (e.g. to monitor the number of visitors and usage of our website, to follow up on enquiries and to provide marketing information to you). When using your personal data for these purposes, we will always consider your rights and interests.

When the personal data that we process is classed as sensitive personal data, we must rely on an additional legal basis. We will rely on the following legal basis when we process your sensitive personal data:

  • You have provided your consent to our use of your sensitive personal data. You can withdraw your consent at any time unless we are required to keep on processing it. In such cases, we will always explain why your consent is necessary. You can refer to section 8 for more information.
Purpose for processing Legal basis for using your personal data Legal basis for using your sensitive personal data

To follow up on enquiries you make.
  • We have a legitimate interest (to respond to your queries).
  • You have given us your explicit consent.

To provide marketing information to you (including information about other products and services and undertaking customer surveys) in accordance with preferences you have expressed.
  • We have a legitimate interest (to send you selected communications about other products and services we offer)
  • You have given us your explicit consent.

Who will we share your personal data with?

We will keep your personal data confidential and we will only share it where necessary for the purposes set out above with our QBE Group companies.

We may use your personal information to provide you with information about products or services which may be of interest to you where you are an existing customer or business contact or where you have provided your consent for us to do so. We may do this by post, email, telephone and social media.

We are committed to only sending you marketing communications that you have clearly expressed an interest in receiving. If you wish to opt out of marketing, you may do so by clicking on the 'unsubscribe' link that appears in all emails or telling us when we call you. Otherwise you can always contact us using the details set out in section 9 to update your contact preferences.

Please note that, even if you do choose not to receive marketing messages, we may still send you service-related communications where necessary.

Unsubscribe from QBE EO Marketing Communications.

We will retain your personal data for as long as reasonably necessary to fulfil the purposes set out in section 2 above and to comply with our legal and regulatory obligations

We have a detailed retention policy in place which governs how long we will hold different types of personal data for. The exact time period will depend on your relationship with us, the type of personal data we hold and the type of insurance, for example:

  • If you take out a policy with us but do not make a claim, depending on the type of policy, we will retain your personal data for seven (7) years from the expiry of your policy.
  • If you make a claim under a policy we provide, depending on the type of policy, we will retain your personal data for seven (7) years from the date on which the claim is settled.
  • If we have a business relationship with you, we will retain your details for the lifetime of such relationship and for seven (7) years after

If you would like further information regarding the periods for which your personal data will be stored, please contact us using the details set out in section 10.

Sometimes we (or third parties acting on our behalf) may need to store or process your personal data in countries outside of The Netherlands.

Where we need to transfer your personal data outside The Netherlands and the European Economic Area (“EEA”), we will take steps to ensure that your personal data is protected. We will do this using a number of different methods including:

  • putting in place appropriate contracts. We use a set of contract wording known as the 'Standard Contractual Clauses' which have been approved by the data protection authorities. You can find out more about the Standard Contractual Clauses here.
  • transferring personal data only to countries which have been deemed by the European Commission to have adequate levels of data protection (such as countries in the European Economic Area ('EEA')). You can find out more about this here
  • where appropriate other substantive operational and/or technical means of protection, such as strengthened encryption measures, advanced due diligence and transparency measures and additional contractual obligations.

Depending on our relationship and your particular circumstances, we might transfer personal data anywhere in the world.

If you would like further information regarding our data transfers and the steps we take to safeguard your personal data, please contact us using the details set out in section 9.

We have a package of technical and organisational measures in place to protect your personal data which have been adopted to comply with the latest data protection requirements.

The measures cover various aspects of data security including the following:

  • Encryption, data masking and activity logging as appropriate;
  • Putting in place access controls and maintaining access logs;
  • Having minimum password requirements and requiring regular changes to passwords;
  • Having physical access controls to our offices;
  • Implementing procedures for security incident management and back-up and recovery and having in place disaster recovery and business continuity plans;
  • Use of firewalls and up-to-date virus scanning software and email filtering services; and
  • Providing regular security and privacy/data protection training for all our employees.

Our security measures are kept under periodic review and are regularly updated to reflect developments in technology and security and changes to our business. However, and although we are doing our very best to reduce this risk as much as possible, please be aware that there are inherent security risks in transmitting data, such as e-mails or via the Internet, because it is impossible to safeguard completely against unauthorised access by third parties.

What is profiling

Profiling is any form of automated processing of personal data to evaluate certain personal aspects. Insurance underwriting, and sometimes claims payment, is based on profiling, as it assesses if you are seeking to insure and the likelihood of that event occurring.

We use profiling as part of:

  • Assessing insurance applications. For example, when we are considering whether or not to offer a motor policy, we will consider the likelihood of an accident occurring (e.g. using your claims history) and the likely cost of replacing your vehicle (e.g. using our wider experience of dealing with other claims). We will compare this information against industry averages and our previous experience. We will use the outcome of that profiling to decide whether or not to offer insurance and the premium price.
  • Assessing and administering claims. We use systems as part of our claims process to prepare the questions we ask of you and to help us decide on an appropriate settlement figure. For example, if you are making a claim for injury, we will use information relating to your injury, treatment and prognosis to generate a valuation band for your injuries.
  • Preventing and detecting insurance fraud. We use systems to help us recognise likely indications of insurance fraud. This might result in a claim being passed to our fraud team for further investigation.

We keep our profiling process under regular review and, in most cases, an individual will then make a decision based on the outcome of that profiling.

What is automated decision-making?

Automated decision-making refers to a situation where a decision is taken using personal data that is processed solely by automatic means (i.e. using an algorithm or other computer software), rather than a decision that is made with some form of human intervention.

Automated decision-making is widely used in the insurance industry to offer and administer insurance efficiently and accurately. Where an automated decision produces a legal effect or other similarly significant effect concerning you (for example, where your policy or claim is rejected), we will only carry out automated decision-making using your personal data where it is necessary for the purposes of entering into or performing a contract with you (e.g. to assess your insurance application). In all other cases, we will ask for your consent in advance.

We currently use automated decision-making in our motor business. We use an electronic-trading system called Acturis to help us assess the risk and calculate what premium we charge. We have certain pricing rules which are fed into the system. For example, whether you have had a claim in the last five (5) years will affect the price, as will the amount you wish us to cover. Using these rules, the system automatically decides whether to accept, decline or refer your application to an underwriter for further consideration.

Please see section 8 for the rights that arise when we carry out automated decision-making.

Under data protection law you have a number of rights in relation to the personal data that we hold about you which we set out below. Some of these rights can apply quite broadly whereas others apply in more restricted circumstances. You can exercise your rights by contacting us at any time using the contact details set out in section 10. We will not usually charge you in relation to a request.

Please note that although we take your rights seriously, there may be some circumstances where we cannot comply with your request such as where complying with it would mean that we could not comply with legal or regulatory obligations which we are subject to. In these instances, we will let you know why we cannot comply with your request.

In some circumstances, complying with your request may result in your insurance policy being cancelled or your claim being discontinued. For example, if you request erasure of your personal data, we would not have the information required to pay your claim. We will inform you of this at the time we consider your request.

The right to access your personal data

You are entitled to a copy of the personal data we hold about you and certain details about how we use it. We may require proof of identity before providing the requested information.

We will usually provide your personal data to you in writing unless you request otherwise. Such request will usually be without charge. Where your request has been made electronically (e.g. by email), a copy of your personal data will be provided to you by electronic means where possible.

The right to rectification

We always take care to ensure that the personal data we hold about you is accurate and, where necessary, up to date. If you believe that there are any inaccuracies, discrepancies or gaps in the information we hold about you, you can contact us using the contact details set out in section 10 and ask us to update or amend it accordingly.

The right to restriction of processing

In certain defined circumstances, you are entitled to ask us to stop using your personal data, for example where you think that the personal data we hold about you may be inaccurate or where you think that we no longer need to use your personal data.

The right to withdraw your consent

Where we rely on your consent in order to process your personal data, you have the right to withdraw such consent to further use of your personal data. However, withdrawal of your consent does not affect the lawfulness of the processing prior to that moment.

Please note that for some purposes, we need your consent in order to provide your policy or handle your claim. If you withdraw your consent, we may need to cancel your policy or we may be unable to pay your claim. We will advise you of this at the point you seek to withdraw your consent.

The right to erasure

Also known as the 'right to be forgotten', this right entitles you, in certain circumstances, to request deletion of your personal data. For example, where we no longer need your personal data for the original purpose we collected it for or where you have exercised your right to withdraw your consent.

Whilst we will assess every request, there are other factors that will need to be taken into consideration when we will review your erasure request. For example, we may be unable to erase your personal data as you have requested because we are subject to a legal or regulatory obligation that requires us to retain it.

The right to object

In certain cases, you have the right to object to our processing. This arises in relation to:

Marketing: You have control over the extent to which we market to you and you have the right to request, at any time that we stop sending you marketing messages. You can do this either by clicking on the "unsubscribe" button in any email that we send you or by contacting us using the details set out in section 10. Please note that even if you exercise this right, because you do not want to receive marketing messages, we may still send you service-related communications where necessary.

Processing based on our legitimate interest: You can object to the processing of your personal data when we process it on the basis of a legitimate interest, unless our purpose outweighs any prejudice to your privacy rights.

The right to data portability

In certain circumstances, you can request that we transfer personal data that you have provided to us directly to a third party.

Rights relating to automated decision-making (including profiling)

Where an automated decision produces a legal or other similarly significant effect concerning you (for example, where your policy or claim is rejected), you have the right to ask us to reconsider a decision taken by automated means or to take a new decision on a different basis (e.g. by introducing some form of human involvement).Exercising of this right may be limited under certain conditions, such as where the automated decision, other than based on profiling, is necessary for compliance with a legal obligation to which we are subject to.

The right to make a complaint to the local Dutch Data Protection Authority, the Autoriteit Persoongegevens

You have a right to complain to the Dutch Data Protection Authority, the Autoriteit Persoongegevens, if you believe that we have breached data protection laws when using your personal data. here.

You can visit their website here for more information. Please note that lodging a complaint will not affect any other legal claims or remedies that you have.

If you would like further information about any of the matters in this Notice or if have any other questions about how we collect, use, share or store your personal data, you may contact our data protection officer by emailing dpo@uk.qbe.com or writing to:

The Data Protection Officer
QBE European Operations
30 Fenchurch Street
London EC3M 3BD
Email: dpo@uk.qbe.com

From time to time we may need to make changes to this Notice, for example, as the result of changes to law, technologies, or other developments. We will provide you with the most up-to-date Notice and you can check our website periodically to view it.

This notice was last updated on 28/12/2022.