Cookie Policy

This site uses cookies. By continuing to browse the site you are agreeing to use our cookies. Read our Privacy Policy.

Sunderland Marine - Privacy Policy

Privacy Policy

Your personal privacy is of paramount importance to us at the North Group.

This privacy notice is intended to provide you with details of how we collect and use your personal data, as well as explaining your rights as a data subject, in accordance with UK Data Protection Legislation and Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (General Data Protection Regulation “GDPR”) .

Under the EU’s General Data Protection Regulation personal data is defined as: ‘Any information relating to an identified or identifiable natural person’

 

Who are we?

We are:

  • North of England Protecting and Indemnity Association Limited (Registered Number: 00505456) 
  • Sunderland Marine Insurance Company Limited (Registered Number: 00016432) 
  • Marine Insurance Australia Limited (ACN 11992049)
  • Aquaculture Risk (Management) Limited: (Company number: 7277271)
  • North of England Marine Consultant (Shanghai) Ltd. Co.

(Collectively referred to as the: North Group; we; us). Our contact details can be found here.

 

Who is our Data Protection Officer?

Our Data Protection Officer is the Head of Group Compliance, who can be contacted at DPO@nepia.com or telephone on 0191 232 5221.

 

1. What information do we collect about you?  

As part of providing services to you we may collect personal data and special category data: 

 

As a broker, intermediary or agent

 

For individuals who are employed or associated with a broker, intermediary, or agent

Personal data:

  • Names and titles
  • Address
  • Email address
  • Business contact details
  • Passport details 
  • Bank account details 

We need to collect this personal data from you to help in the administration of insurance contracts underwritten by us. In some cases we need to collect this personal data for relationship management purposes, to make payment of invoices and in the legitimate interests of our business.

In accordance with the regulation we have established the following lawful reasons for the processing of this data.

  • Necessary for the performance of a contract which you are a party to; or
  • Necessary for the compliance with a legal obligation to which the Group are subject; or
  • Necessary for the purposes of the legitimate interests pursued by us in relation to the performance of insurance business, business development , relationship management purposes and keeping our records up to date.

 

As a current and prospective member, or policyholder, or an individual associated with a member or policyholder; such as a skipper, crew member or ship owner 

 

For current and prospective members, policyholders or an individual associated with a member or policyholder; such as a skipper, crew member or ship owner we may collect the following information:

Personal data:

  • Names and titles
  • Address
  • Email address
  • Date of birth
  • Bank account details
  • Passport details
  • Visa details 
  • Identification number
  • Details of criminal convictions and offences 

Special category data

  • Details of illnesses or injuries, medical reports

We need to collect this personal data from you, including information about your health or criminal records, to enable us to enter into or perform insurance contracts underwritten by us or otherwise to comply with legal obligations in relation to our insurance business. In some cases we need to collect this personal data for relationship management purposes, to make payment of invoices and in the legitimate interests of our business.

In accordance with the regulation we have established the following lawful reasons for the processing of this data.

  • In some instances you will have provided your consent to the collection and sharing of this information. 
  • Necessary for the performance of a contract which you are a party to; or
  • Necessary for the compliance with a legal obligation to which the Group are subject; or
  • Necessary for the purposes of the legitimate interests pursued by us in relation to fully assessing the insurance cover being provided, relationship management purposes, and keeping our records up to date.

Where we are required to collect and process personal data about you in relation to an insurance contract to which you are being provided insurance cover, but you are not a party to the insurance contract, for example an accident and sickness policy, this is necessary to enable us to perform insurance contracts we have entered into in the legitimate interests of our business.

We process details in relation to convictions as it is considered good practice in the insurance industry as well as being necessary for an ‘insurance purpose.’ This includes the advising, arranging, underwriting, administering, administering a claim under, exercising a right or complying with an obligation under, an insurance contract.

The above information may also be provided to us from brokers, agents, intermediaries, correspondents, surveyors and professional advisors. We may combine this with the information provided by you.

 

As an individual involved in a claim, either as a member, policyholder, or an individual benefitting from a member or policyholder’s policy and any other interested party

 

As an individual involved in a claim, either as a member, policyholder, interested party or an individual benefiting from a member or policyholder’s policy we may collect the following information:

Personal data:

  • Name
  • Address
  • Date of birth
  • Identification number
  • Bank account details 
  • Passport details 
  • Visa details 
  • Wedding and birth certificates
  • Travel documentation
  • Details of criminal convictions and offences

Special category data

  • Medical reports

We need to collect this personal data from you, including information about your health or criminal records, to enable us to deal with the administration, processing, handling and settlement of claims made in respect of an insurance contract underwritten by us, and or to comply with legal obligations in relation to our insurance business. This personal data may also in some instances be necessary for the establishment, exercise or defence of legal claims.

In accordance with the regulation we have established the following lawful reasons for the processing of this data.

  • In some instances you will have provided your consent to the collection and sharing of this information. 
  • Necessary for the performance of a contract which you are a party to; or
  • Necessary for the compliance with a legal obligation to which the Group are subject; or
  • Necessary to protect the vital interest of you or another person; or
  • Necessary for the establishment, exercise or defence of a legal claim; or
  • Necessary for the purposes of the legitimate interests pursued by us in relation to the performance of insurance business, in particular the handling of claims.

We process details in relation to convictions as it is considered good practice in the insurance industry as well as being necessary for an ‘insurance purpose.’ This includes the advising, arranging, underwriting, administering, administering a claim under, exercising a right or complying with an obligation under, an insurance contract.

The above information may also be provided to us from brokers, agents, intermediaries, correspondents, surveyors and professional advisors. We may combine this with the information provided by you.

 

Correspondent, Surveyor or Professional advisors      

                                             

For individuals who are employed or associated with correspondents, surveyors or professional advisors we may collect the following information:

  • Name and titles
  • Address
  • Curriculum vitae
  • Email address
  • Business contact details
  • Passport details
  • Bank account details

We need to collect this personal data from you to help in the administration of insurance contracts underwritten by us. In some cases we need to collect this personal data for relationship management purposes, to make payment of invoices and in the legitimate interests of our business.

In accordance with the regulation we have established the following lawful reasons for the processing of this data. 

  • Necessary for the performance of a contract which you are a party to; or
  • Necessary for the compliance with a legal obligation to which the Group are subject; or
  • Necessary for the purposes of the legitimate interests pursued by us in relation to the processing of current or future claims and or the development of a business relationship.

 

As an individual who currently receives or wishes to receive communications and updates from us     

            

For Individuals who currently receive or wish to receive communications and updates from the North Group we may collect the following information:

  • Name
  • Address
  • Email address
  • Contact details

We need to collect this personal data from you to enable us to provide the required statutory communications to North Group members, and in other cases for the purposes of business development and on-going management and development of business relationships.

In accordance with the regulation we have established the following lawful reasons for the processing of this data. 

  • Necessary for the compliance with a legal obligation to provide statutory communications; or
  • Necessary for the purposes of the legitimate interests pursued by us for relationship management, business development, providing information and best practice in relation to loss prevention and ensuring that our communications are appropriately targeted to our audience.

 

As an individual undertaking training and associated loss prevention activities organised or provided by us 

 

For individuals who wish to receive training organised by us we may collect the following information: 

  • Name
  • Address
  • Date of birth
  • Email address
  • Contact details
  • Passport details

We need to collect this personal data from you to be able to arrange the training event and to be able to provide the learning and development you have requested.

 In accordance with the regulation we have established the following lawful reasons for the processing of this data. 

  • Necessary for the performance of a contract which you are a party to.

 

As an individual who has applied or considering applying for a role with the North Group 

 

For Individuals who have applied or considering applying for a role with the North Group we may collect the following:

  • Name
  • Address
  • National Insurance number
  • Proof of identity
  • Email address
  • Contact details
  • Curriculum vitae
  • Details of criminal convictions and offences

Special category data

  • Details of ethnic origin
  • Details of disabilities

We need to collect this personal data from you to enable us to progress your application for a role with us and for us to meet our legal obligations under applicable employment, health and safety and financial services laws and regulations.

In accordance with the regulation we have established the following lawful reasons for the processing of this data. 

  • In some instances you will have provided your consent to the collection and sharing of this information.
  • Necessary for the performance of a contract which you are a party to; or
  • Necessary for the compliance with a legal obligation to which the Group are subject; or
  • Necessary for the purposes of carrying out the obligations and exercising specific rights of the Group or yourself in the field of employment.

The processing of personal data relating to criminal convictions and offences is required to meet our regulatory obligations in respect of the employment of staff within a financial services organisation and is authorised by UK law.

If you do not provide us with such personal data we may not be able to progress your application for a role with us.

 

2. Who do we share information about you with?                                              

The sharing of personal data is required to support our business activities and to provide a service to you, along with ensuring that we meet any statutory or regulatory requirements.

Rather than provide you with a detailed list of the name of every recipient of personal data in this privacy notice, which could only ever be a snap shot in time, we have detailed below a list of the type of recipients we may share information about you with.

We do not share all the information for all individuals with every third party and the list is subject to constant review and change. We will also not disclose your personal data to a third party unless we are satisfied that we either have your consent or a lawful reason for doing so.

If required a full list of the names of all parties that we share information is available from our Data Protection Officer (See details above).

  • Employees and directors of North Group who need access to the personal data to perform their role within the group
  • Financial Services regulators who oversee the activities of authorised insurance businesses
  • Public bodies or law enforcement agencies who are concerned with anti- money laundering, anti-bribery, financial sanctions activity and disclosure and barring services
  • Third parties as required  under the relevant Insolvency Act requirements
  • Corporate registrars who are legally required to hold certain company information
  • Credit reference agencies who provide credit and financial service checks
  • Reinsurers involved with the reinsurance of North Group business
  • Our corporate insurers if required under the terms of the policy placed with them
  • North Group auditors and internal auditors who provide the required auditing and support our financial reporting requirements 
  • Professional  advisors such as lawyers, arbitrators and actuaries, who provide support in dealing with our insurance business
  • Brokers, intermediaries, agents, surveyors and correspondents who may provide initial and on-going support with our insurance business
  • Our company bankers who make and receive payments on our behalf
  • Website and internet service providers who provide the required support and hosting of our internet and intranet services
  • Information Technology support companies who provide day to day maintenance and support for our IT and database services  
  • Workflow management service providers via the internet who support the day to day allocation of tasks to the operational support teams
  • Recruitment agencies who we may deal with during the recruitment process
  • Printers and publishers who provide electronic and paper based solutions for company publications
  • Learning, development and training service providers for the provision of services of that type  
  • Embassies who provide visa processing services for overseas travel or work abroad
  • Current or prospective North Group members or policyholders
  • International Group of Protection and Indemnity Clubs
  • Any company within North Group.  For further information please click here

 

3. Where do we send information about you to?  

North Group operates a number of branches and subsidiaries worldwide.  We may transfer information we hold about you to one or more of these locations (overseas transfer) if required to fulfil the purposes set out above.  We will only do this if one of the following conditions applies to the overseas transfer:-

  • it is necessary in order for us to perform a contract between you and us;  
  • it is necessary in order for us to take measures to enter into a contract with you where you have requested us to do so;
  • it is necessary for us to establish, exercise or defend legal claims; or
  • If none of the conditions listed above apply, you have explicitly consented to the overseas transfer. 

Unless you have specifically consented to the transfer, we will only transfer personal data outside the European Economic Area (EEA) where:-

  • We transfer the data to a country or international organisation which the EU Commission has decided ensures an adequate level of protection for your personal data;
  • the transfer of your personal data is subject to adequate safeguards, which may include binding corporate rules or standard data protection clauses adopted by the EU Commission; or
  • one of the derogations in the GDPR to transfer personal data outside the EEA applies.

 

4. How long do we store information about you for? 

We are a regulated financial services entity and as such we are subject to prescribed retention periods in relation to personal data. We are also required to retain personal data to comply with limitation periods prescribed by law. 

We operate a data retention policy for each jurisdiction in which we operate which sets out the specific periods we will hold information and when we need to destroy information that we no longer require for legal, regulatory or commercial reasons.

For the United Kingdom, generally our retention period will be up to six years. However, this may be longer in some instances, when for example dealing with a claim whereby we would need to hold the information for a period relevant to the time the claim is being handled.   

For other jurisdictions we will be subject to the requirements of the relevant jurisdiction in question and this may not always mirror those of the United Kingdom.

Overall the criteria used to establish the period for which personal data will be stored is determined by regulatory or legal and requirements. This is also supported by a North Group Policy that such information must not be kept for any longer than necessary to fulfil the purposes for which it was collected.

 

5. What are your rights? 

You have the following rights:

  • Right of access - request access to any personal data we hold about you;
  • Right of rectification - have any personal data which we hold about you which is inaccurate or incomplete rectified;
  • Right to be forgotten - have personal data erased;  
  • Right to restriction of processing - have the processing of your personal data restricted;
  • Right of portability – To be provided with the personal data that you have supplied to us in a portable format that can be transmitted to another organisation without hindrance;
  • Right to object - object to certain types of processing, including processing based on legitimate interests, automated processing (which includes profiling) and processing for direct marketing purposes; and
  • Right to object to automated processing , including profiling - not be subject to a decision that is based solely on automated processing which produces a legal effect or which has a similar significant effect for you.

If you wish to exercise any of the rights set out above, you must make the request in writing to the Data Protection Office (Details above). Please note some of these rights are restricted in some circumstances.

If you have provided your consent to any of the processing of your personal data, you have the right to withdraw your consent to that processing at any time, where relevant. Please contact the Data Protection Officer if you wish to do so.

If you object to processing based on legitimate interests, we must no longer process that personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or that the processing is required for the establishment, exercise or defence of legal claims.

 

6. For individuals located outside of the EU

 

Australia

 

The North Group is aware of and seeks  at all times to comply with the Australian Privacy Principles (Apps) set out in the Privacy Act 1988 as amended by the Privacy Amendment (Enhancing Privacy Protections) Act 2012 (the Privacy Act) when managing and maintaining personal information in the course of its Australian business.

For the purposes of the Privacy Notice, “Personal Data” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in material form or not.

“Special Category Data” means information or an opinion about:

  • Racial or ethnic origin
  • Political opinions
  • Membership of political association
  • Religious beliefs or affiliations
  • Philosophical beliefs
  • Membership of a professional or a trade association
  • Membership of a trade union
  • Sexual orientation or practices
  • Criminal record that is also personal information
  • Health information about an individual
  • Genetic information about an individual that is not otherwise health information
  • Biometric information that is to be used for the purposes of automated biometric identification or verification, or
  • Biometric templates

If you have any specific questions regarding the manner in which North Group manages and maintains your Personal Information please contact us directly.

The North Group will only use and share the data we collect from you for the reasons described in “1. What information do we collect about you?” and “2. Who do we share information about you with?” We will not use your personal information for any other purpose without your consent, unless compelled to do so by an Australian Law, court or tribunal order, or enforcement body.

You may submit any questions or issues to the UK Data Protection Officer at DPO@nepia.co.uk who will come back to you within 15 days.

If we have not come back to you within 15 days or you are unhappy with the response you may submit a complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au. The North Group will deal with the complaint in accordance with the requirements of the Privacy Act and the APPs.

A copy of the Sunderland Marine Insurance Company Limited (Sunderland Marine) Australian Privacy Statement can be found at www.sunderlandmarine.com/australia/privacy-policy

 

New Zealand

 

The North Group seeks at all times to comply with the New Zealand Privacy Act 1993 and Privacy Principles.

For the purposes of the Privacy Notice, “Personal Data” and “Special Category Data” relate to any information about an identifiable individual.

If you are in New Zealand you may submit any questions or issues to the UK Data Protection Officer at DPO@nepia.co.uk who will come back to you within 30 days.

If we have not come back to you within 30 days or you are unhappy with the response you may submit a complaint to the Office of the Privacy Commissioner at www.privacy.org.nz

 

Singapore

 

For the purposes of the Privacy Notice, “Personal Data” and “Special Category Data” relates to data, whether true or not, about an individual (whether living or recently deceased) who can be identified:

  • From that data; or
  • From that data and other information to which the organisation has or is likely to have access.

If you are in Singapore you may submit any questions or issues to the UK Data Protection Officer at DPO@nepia.co.uk who will come back to you within 30 days.

If we have not come back to you within 30 days or you are unhappy with the response you may submit a complaint to the Personal Data Protection Commission at www.pdpc.gov.sg

 

Japan

 

For the purposes of the Privacy Notice, “Personal Data” is information about a living individual which can identify a specific individual by name, date of birth or other description contained in such information.

“Special Category Data” includes information about a person’s race, creed, social status, medical history, criminal record, any crimes a person has been a victim of, and any other information that might cause the person to be discriminated against.

If you are in Japan you may submit any questions or issues to the UK Data Protection Officer at DPO@nepia.co.uk who will come back to you within 30 days.

If we have not come back to you within 30 days or you are unhappy with the response you may submit a complaint to the Personal Information Protection Commission at www.ppc.go.jp

 

Hong Kong

 

For the purposes of the Privacy Notice, “Personal Data” and “Special Category” data is defined as:

  • Relating directly or indirectly to a living individual
  • From which it is practical for the identity of the individual to be directly or indirectly ascertained, and
  • In a form in which access to or processing of the data is practicable

Please note that the provision of such data is voluntary however the refusal to provide the data may limit North’s ability to provide the services requested.

If you are in Hong Kong you may submit any questions or issues to the UK Data Protection Officer at DPO@nepia.co.uk who will come back to you within 30 days.

If we have not come back to you within 30 days or you are unhappy with the response you may submit a complaint to The Office of the Privacy Commissioner for Personal Data at www.pcpd.org.hk

 

How do I make a complaint to a supervisory authority? 

Any breach of the GDPR / Data Protection Act will be taken seriously and if you consider that the data protection principles have not been followed in respect of personal data about yourself or others you have the right to lodge a complaint with the relevant data protection supervisory authority.

Our data protection supervisory authority is the United Kingdom’s Information Commissioners Office.  If you have any issues with our processing of your personal data and would like to make a complaint, you may contact the Information Commissioner's Office on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom.

 

Cookie policy                                                                                                

A cookie is a small piece of data that websites store on your computer. We use cookies which are designed to improve your experience of our website and to help us evaluate the performance of our site in order to provide you with a better user experience.

We use two types of cookies on our website:

1. Session Cookies

We use two types of session cookies on our website. One is automatically added to your computer when you access our website and is used to store anonymous information about your activities during your visit. For example, when you filter by department on the Meet the Team page of this site, the cookie remembers your choice so it can be restored automatically if you leave the page and return to it later during your session. This cookie stays on your computer for the duration of your visit and is automatically erased when you close your browser.

The second session cookie that we use is added to your computer when you adjust the text size of the website. The cookie remembers your chosen text size for future visits so you do not need to change it manually every time. The cookie remains on your computer for 12 months and is automatically deleted after this period.

2. Persistent Cookies

Persistent cookies remember who you are and remain on your computer between sessions allowing us to recognise you when you return to the site. We use Google Analytics to evaluate the performance of our site and to compile reports which help us to make improvements to the site, e.g. most popular pages visited. Google Analytics works by placing a number of persistent cookies on your computer which enable it to gather anonymous browser data about your visits to our website. For further information on these cookies please visit www.google.com/analytics/learn/privacy.html

If you would like to change your settings to stop cookies from our website, please visit https://www.aboutcookies.org/ or http://www.allaboutcookies.org/ for more information.  You may change your settings at any time however this may affect your ability to use certain functions on our website.

You can also opt out of being tracked by Google Analytics, please visit http://tools.google.com/dlpage/gaoptout.

If you do not change your settings, we will assume that you are happy to receive the cookies on our website as described above. 

For more information, please contact Craig Robinson (craig.robinson@nepia.com).

  

Changes to the Policy 

This Policy was last updated May 2018. We reserve the right to make changes to this policy as required.

 

Further Information 

If you require this privacy notice information to be provided to you in paper form please contact our Data Protection Officer, at DPO@nepia.com or telephone on 0191 232 5221.