É«¶à¶àÊÓƵ

 
É«¶à¶àÊÓƵ
É«¶à¶àÊÓƵ
Product Family
Product Family
Industries
Industries
Reinsurance
Reinsurance
Explore our offerings
Explore our offerings
Claims
Claims
Risk Consulting
Risk Consulting
Resources & Tools
Resources & Tools
Resources and Tools
Resources and Tools
About AXA XL
About AXA XL
About AXA XL
About AXA XL
Media Center
Media Center
Careers
Careers
Get In Touch
Get In Touch

UK Privacy Notice

General

É«¶à¶àÊÓƵis committed to compliance with data protection laws. This Privacy Notice describes how É«¶à¶àÊÓƵ together with other members of its group as set out below (É«¶à¶àÊÓƵ we, us, our) collects, uses, shares and secures your personal information when we provide our services as an insurance and reinsurance business. For the purposes of this notice, references to insurance also mean reinsurance.

This notice also describes your rights regarding use, access and correction of your personal information.

You may also find it useful to review the London É«¶à¶àÊÓƵ Market Core Uses Information Notice, which explains how the various insurance market participants, e.g. intermediaries, insurers and reinsurers, use personal information. Our core uses and disclosures of personal information are consistent with the London Market Core Uses Information Notice.

As an insurance and reinsurance business, we need to obtain information about the individuals covered under an insurance policy, or individuals that are beneficiaries of, or have made claims under, an insurance policy, or individuals who are involved in an incident giving rise to an insurance claim. This is so that we can properly assess the risks associated with providing insurance or reinsuring the policies issued by another insurer and administer and manage our products and services. This privacy notice applies to any individual whose personal information we process in the course of providing the services including any third parties (each a data subject or you).

Brokers, Intermediaries, Law Firms, Partners, Employers and Other Third Parties

If you provide us with information about someone else, we will process their personal information in line with this privacy notice. Please ensure you provide them with this notice and encourage them to read it as it describes how we collect, use, share and secure personal information when we provide our services as an insurance and reinsurance business.

To understand how your personal data is processed please read the relevant section below.

The relevant É«¶à¶àÊÓƵcompany that is acting as controller of your personal data will be set out in our correspondence or documentation that we provide to you. For example, if you are a policyholder, it will be set out in the relevant policy documentation. We set out a full list of controllers below:

  • É«¶à¶àÊÓƵɫ¶à¶àÊÓƵ Company UK Limited, company number 05328622;
  • AXA XL Underwriting Agencies Limited, company number 01815126;
  • Angel Risk Management Limited, company number 02942487;
  • XL Catlin Services SE (UK Branch), UK establishment number BR023389;
  • XL Re Europe SE (UK Branch), UK establishment number BR023446;
  • XL É«¶à¶àÊÓƵ Company SE (UK Branch), UK establishment number BR023386.

In some circumstances, the relevant controller will be a joint controller with another É«¶à¶àÊÓƵgroup company. This means that one or more of our group companies jointly determine how your personal data will be processed and you may be able to exercise your rights in respect of one or more companies. If you have any questions about the joint controller relationship of these É«¶à¶àÊÓƵgroup companies, please contact us via the details below.

What personal information do we collect and use?

The personal information that we collect will depend on your relationship with us.

IF YOU ARE A POLICYHOLDER OR A BENEFICIARY UNDER A POLICY (OR A POTENTIAL POLICYHOLDER OR BENEFICIARY)

The personal information we use

The type of information we may collect and process about you will depend upon the type of insurance we are offering or underwriting, and the relevant circumstances of any claim made. We set out the most common categories of data below.

  • Personal details: name, age, gender, date of birth, photographs, marital status, nationality, height and weight, leisure activities and interests.
  • Identification information: passport details, driving licence, national insurance number, driving record.
  • Contact Information: address, telephone numbers and email address, social media handles.
  • Information about your family and home: Details of your marital status, number of children and name, age and gender of children, your dwelling type, your household income, home valuation and household demographics. This may include details about your children for example where they are the insurance beneficiaries.
  • Employment and experience information: Your employment history, job role, salary, employment benefit options, educational background and any professional licences and qualifications.
  • Financial information: Details relating to your bank account, annual income, investment/savings, credit history and transaction history.
  • Information to conduct our business: Information relating to underwriting insurance products and managing and processing insurance claims, such as previous insurance records and claims history, services relating to our businesses and your business dealings or relationship with us.
  • Information for the detection and prevention of financial crime: Information (including identification verification documents such as copies of passport including photographs). Information obtained from publicly available sources such as social media sites in the event that we suspect fraudulent activity, information we obtain as a result of checking sanctions lists, such as those published by United Nations European Union UK Treasury - Office of Financial Sanctions Consolidated List the U.S. Office of Foreign Assets Control (OFAC) and the U.S. Department of Commerce, Bureau of Industry and Security.
  • Information such as IP address and browsing history obtained through our use of cookies: You can find more information about this in our cookies policy which can be found at Cookie Policy É«¶à¶àÊÓƵ| AXA XL
  • Information obtained during telephone conversations (transcripts).
  • Details of your customer experience with us.
  • Information about your vulnerability (or suspected vulnerability) where necessary to ensure that we provide fair treatment.

Sensitive personal information

Some of the categories of information we collect are special categories of personal information (sometimes referred to as "sensitive personal information”). These include:

  • Health records (such as your medical history, prescription history and reports on medical diagnoses, tests and treatment).
  • Family medical history.

In limited circumstances, information about your personal characteristics and circumstances of a sensitive nature such as your racial or ethnic origin, sexual orientation, or trade union membership if relevant to your policy or claim. For example, we may process information relating to your trade union membership if such membership results in you being a politically exposed person. In limited circumstances, we may also collect information about criminal convictions or offences (including allegation of criminal activity) where authorised by law.

How we collect personal information

We collect personal information from you directly when you provide it to us, for instance if you submit information as part of your insurance application or claim or contact us.

We also collect your personal information from a variety of third-party sources including:

  • other companies within the É«¶à¶àÊÓƵgroup.
  • other insurance companies.
  • third parties including claims handlers, loss adjusters and expert witnesses who are involved in a claim or assist us in investigating or processing claims.
  • third party evidence providers such as witnesses to incidents.
  • public sources, such as public databases (for example confirming property title information with the Land Registry).
  • insurance brokers or other intermediaries, introducers or business partners;
  • healthcare service providers such as individual consultants, private hospital facilities and rehabilitation service providers.
  • financial institutions and credit reference agencies;
  • relevant organisations for fraud and financial crime prevention purposes (including crime detection agencies and databases (such as the É«¶à¶àÊÓƵ Fraud Bureau, Companies House, Office of Financial Sanctions Consolidated List and Financial Conduct Authority Register,
  • individuals that you may be associated with (e.g. joint account holders, company employees or directors, family members, etc.);
  • government agencies, industry bodies and regulators such as HMRC, the Financial Ombudsman Service and the Financial Conduct Authority; and
  • other third-party sources where necessary which will usually be where we are complying with our legal obligations regarding money laundering and other financial crimes.

Purpose and Legal Basis of the Data Processing

We process your personal information in compliance with all relevant data protection laws including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA), the applicable provisions affecting or ensuring data privacy within the É«¶à¶àÊÓƵ Act 2015, as well as all other applicable laws. The UK GDPR requires us to have a legal basis for processing your personal information. In most cases the legal basis will be one of the following:

  • to fulfil our contractual obligations to you, for example to provide you with insurance cover, including handling claims.
  • to comply with our legal obligations, such as client due diligence and reporting obligations, and responding to requests from regulators, law enforcement authorities or other government authorities;
  • to meet our legitimate interests, for example to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records. When we process personal information to meet our legitimate interests, we always balance these against your fundamental rights and freedoms and put in place robust safeguards to ensure that your privacy is protected;
  • you have consented to us processing your personal information for specified purposes.

If it is necessary for us to process your sensitive personal information for one of the purposes listed above, we will only do so where one of the following applies:

  • for reasons of substantial public interest including:
    • insurance purposes;
    • complying with legal or regulatory obligations relating to unlawful acts and dishonesty;
    • preventing or detecting unlawful acts;
    • preventing fraud;
    • safeguarding economic well-being
  • we have obtained your explicit consent;
  • to establish, exercise or defend legal claims;
  • to protect your vital interests or someone else’s.

Purposes

Legal basis for using your personal information

Legal basis for using your sensitive personal information

The conclusion and the performance of the insurance contract including providing quotations

- Performance of a contract
- Compliance with a legal obligation
- Legitimate interests

- Necessary for insurance purposes
- Explicit consent

Handling insurance claims

- Performance of a contract
- Compliance with a legal obligation

- Necessary for insurance purposes
- Compliance with a legal obligation
- Legal claims
- Explicit consent
- Vital interests

To guarantee IT security and IT operations including testing,

- Legitimate interests

Not applicable

For the marketing of our insurance products and other products by AXA Group companies and their cooperation partners, as well as for market surveys and opinion polls

- Legitimate interests

Not applicable

The prevention of fraud and prosecution of criminal offences. In particular, we use data analysis and research (including using publicly available information [including social media]) to prevent and detect insurance fraud,

- Legitimate interests
- Legal obligation
- Performance of a contract

- Necessary for insurance purposes
- Legal claims
- Regulatory obligation relating to unlawful acts or dishonesty
- Prevent or detect crime
- Prevent fraud

Risk management within É«¶à¶àÊÓƵand the É«¶à¶àÊÓƵgroup

- Legitimate interests

Not Applicable

Business management and the improvement of processes, services and products

- Legitimate interests

Not applicable

To fulfil our legal and regulatory obligations

- Legal obligation

- Necessary for insurance purposes
- Legal claims
- Regulatory obligations relating to unlawful acts or dishonesty

Management of complaints

- legitimate interests
- Legal or regulatory obligations

- Necessary for insurance purposes
- Compliance with a legal obligation
- Legal claims
- Explicit consent

Training of employees

- Legitimate interests

Not applicable

Auditing

- Legitimate interests
- Legal or regulatory obligations

Not applicable

Defending or enforcing legal rights

- Legal or regulatory obligations

- Compliance with a legal obligation
- Legal claims

To buy or sell group companies or to restructure our business.

- Legal or regulatory obligations
- Legitimate interests

- Explicit Consent

Artificial Intelligence

Artificial Intelligence is an umbrella term for a range of technologies that replace manual processes and solve complex tasks by carrying out functions that previously required human action or input. Certain tasks are increasingly being supported by AI. AI can be used for a number of different functions, for example, grouping data (identifying common characteristics or properties), classifying or labelling data, or using data to come to or recommend a decision or determine an action.

'Generative AI’ is a particular type of AI involving systems or models that are capable of creating new content (based on the data that they have been trained on) when given an instruction or input prompt by the user. The difference between generative AI and other AI technologies is that generative AI creates or generates ‘net-new’ outputs, which could be text or graphics. Generative AI analyses the data that it has been trained on (using machine learning algorithms) in order to create something entirely new based on the instruction that it has been given and its analysis, mimicking human creativity and intelligence.

We may use AI systems and tools (including generative AI) to support our activities and for different purposes which we explain in more detail below.

I. Business process improvement and efficiency, information security

We use AI to improve our business processes with a particular focus on simplifying complex processes, ensuring consistent standards and driving efficiencies. For example, we use AI to help triage, organise and compile documents, extract data for entry into the relevant systems and translate or summarise text. We also use AI to support our business management and development initiatives with activities such as idea generation and trends prediction, the creation of content and for research tasks, including internal and external communications. We also use AI to support our information security practices (for example, by automatically detecting potential data loss).

II. Training AI

We may use personal information (for example where it is not possible to use anonymised data) as part of the development and training phase of an AI solution to be used in the provision of our insurance services. Where we use personal information for such training the lawful basis we will rely on is that it is necessary for the purposes of our legitimate interest in using an AI tool to assist in improving the efficiency and accuracy of our services, managing our business efficiently and maintaining accurate records.

When we process personal information on the basis that we have a legitimate interest to do so, we always balance this against your fundamental rights and freedoms and put in place robust safeguards to ensure that your privacy is protected.

If it is necessary to process your health data for this purpose we will only do so where one of the following applies:

  • For reasons of substantial public interest including insurance purposes
  • It is in the public interest and is necessary for scientific or statistical purposes

Where we process health data we always put in place robust safeguards to ensure that your privacy is protected.

Who will we share your personal information with?

From time to time, we may share your personal information with other companies in the É«¶à¶àÊÓƵgroup or with third parties including the following:

Reinsurers: We sometimes buy our own insurance to insure the risks we accept with special insurance companies (known as “reinsurers”). It may be necessary to share your personal information with a reinsurer or its appointed third party carrying out specific activities on its behalf, that it may form its own opinion of the risk or the claim or to provide advice or expertise in risk or benefit assessment or in the evaluation of procedural matters.

Intermediaries such as insurance brokers:

Other companies within the wider É«¶à¶àÊÓƵGroup:

External service providers: In some cases, we use external service providers such as experts, appraisers, lawyers, loss adjustors; accountants, auditors and other professional service firms, medical professionals, service companies, including payment service providers, IT companies, postal and document management services; advertisers and advertising networks.

Your previous insurer

Other recipients: We may share your personal data with other recipients, such as relevant organisations for fraud prevention purposes, our regulators, public authorities and government agencies such as HMRC, DWP, the police, financial institutions (e.g. to process payment transactions), credit agencies (e.g. to check creditworthiness) or relevant organisations and databases for fraud prevention purposes (for example Motor Insurers Anti-Fraud and Theft Register (MIAFTR), É«¶à¶àÊÓƵ Fraud Bureau (IFB), & Motor É«¶à¶àÊÓƵ Bureau (MIB).

  • IF YOU ARE A THIRD-PARTY CLAIMANT

    • The personal information we use

      The type of information we may collect and process about you will depend upon the type of insurance under which a claim is being made. We set out the most common categories of data below.

      • Personal details: name, age, gender, date of birth, photographs, marital status, nationality, height and weight, leisure activities and interests.
      • Identification information: passport details, driving licence, national insurance number, driving record.
      • Contact Information: address, telephone numbers and email address, social media handles.
      • Information about your family and home: Your family medical history, number of children and name, age and gender of children, your dwelling type, your household income, home valuation and household demographics.
      • Employment and experience information: Your employment history, job role, salary, employment benefit options, educational background and any professional licences and qualifications.
      • Financial information: Details relating to your bank account, annual income, investment/savings, credit history and transaction history.
      • Information to conduct our business: Information relating to underwriting insurance products and managing and processing insurance claims, such as previous insurance records and claims histories, services relating to our businesses and your business dealings or relationship with us.
      • Information for the detection and prevention of financial crime: Information (including identification verification documents such as copies of passport including photographs). Information obtained from publicly available sources such as social media sites in the event that we suspect fraudulent activity, information we obtain as a result of checking sanctions lists, such as those published by United Nations European Union, UK Treasury, the U.S. Office of Foreign Assets Control (OFAC)and the U.S. Department of Commerce, Bureau of Industry and Security.
      • Information such as IP address and browsing history obtained through our use of cookies. You can find more information about this in our cookies policy which can be found at Cookie Policy É«¶à¶àÊÓƵ| AXA XL
      • Information obtained during telephone conversations (transcripts).

      Sensitive Personal information

      Some of the categories of information we collect are special categories of personal information (sometimes referred to as "sensitive personal information”). These include:

      • Health records (such as your medical history, prescription history and reports on medical diagnoses, tests and treatment).
      • Family medical history. In limited circumstances, information about your personal characteristics and circumstances of a sensitive nature such as your racial or ethnic origin, sexual orientation, sex life, or trade union membership if relevant to your policy or claim. For example, we may process information relating to your trade union membership if such membership results in you being a politically exposed person.

      We may also collect information about criminal convictions or offences (including allegation of criminal activity) where we are permitted to do so.

      How we collect personal information

      We collect personal information from you directly when you provide it to us, for instance if you submit application forms to be considered for insurance products or contact us.

      We also collect your personal information from a variety of sources including:

      • the policyholder;
      • other companies within our group;
      • other insurance companies;
      • third parties such as claims handlers, loss adjusters and expert witnesses who are involved in a claim or assist us in investigating or processing claims;;
      • third party evidence providers such as witnesses to incidents;
      • public sources, such as public databases (where permitted by law);
      • healthcare service providers such as individual consultants, private hospital facilities and rehabilitation service providers;
      • financial institutions such as credit reference agencies;
      • relevant organisations for fraud and financial crime prevention purposes (including crime detection agencies and databases (such as for fraud prevention and checking international sanctions)), including the É«¶à¶àÊÓƵ Fraud Bureau, Companies House, Office of Financial Sanctions Consolidated List and Financial Conduct Authority Register;
      • individuals that you may be associated with (e.g. joint account holders, company employees or directors, family members, etc.);
      • government agencies, industry bodies and regulators such as HMRC, the Financial Ombudsman Service and the Financial Conduct Authority;

      Purpose and Legal Basis of the Data Processing

      We process your personal information in compliance with all relevant data protection laws including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA), the applicable provisions affecting or ensuring data privacy within the É«¶à¶àÊÓƵ Act 2015, as well as all other applicable laws. The UK GDPR requires us to have a legal basis for processing your personal information. In most cases the legal basis will be one of the following:

      • to fulfil our contractual obligations to you, for example to provide you with insurance cover, including handling claims;
      • to comply with our legal obligations, such as client due diligence and reporting obligations, and responding to requests from regulators, law enforcement authorities or other government authorities;
      • to meet our legitimate interests, for example to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records. When we process personal information to meet our legitimate interests, we always balance these against your fundamental rights and freedoms and put in place robust safeguards to ensure that your privacy is protected;
      • you have consented to us processing your personal information for specified purposes

      If it is necessary that we process your sensitive personal information for one of the purposes listed above, we will only do so where one of the following applies:

      • for reasons of substantial public interest including:
        • insurance purposes;
        • complying with legal or regulatory obligations relating to unlawful acts and dishonesty;
        • preventing or detecting unlawful acts;
        • preventing fraud;
      • we have obtained your explicit consent;
      • to establish, exercise or defend legal claims;
      • to protect your vital interests or someone else’s.

      Purposes

      Legal basis for using your personal information

      Legal basis for using your sensitive personal information

      Handling insurance claims

      - Legitimate interests
      - Legal obligation
      - Legitimate interests

      - Necessary for insurance purposes
      - Explicit consent
      - Legal Claims

      To guarantee IT security and IT operations including testing,

      - Legitimate interests

      Not applicable

      The prevention of fraud and prosecution of criminal offences. In particular, we use data analysis and research (including using publicly available information [including social media]) to prevent and detect insurance fraud,

      - Legitimate interests
      - Legal obligation
      - Performance of a contract

      - Necessary for insurance purposes
      - Legal claims
      - Regulatory obligation relating to unlawful acts or dishonesty
      - Prevent or detect crime
      - Prevent fraud

      Risk management within É«¶à¶àÊÓƵand the É«¶à¶àÊÓƵgroup

      - Legitimate interests

      Not Applicable

      Business management and the improvement of processes, services and products

      - Legitimate interests

      Not applicable

      To fulfil our legal and regulatory obligations

      - Legal obligation

      - Necessary for insurance purposes
      - Legal claims
      - Regulatory obligations relating to unlawful acts or dishonesty

      Management of complaints

      - legitimate interests
      - Legal or regulatory obligations

      - Necessary for insurance purposes
      - Compliance with a legal obligation
      - Legal claims
      - Explicit consent

      Training of employees

      - Legitimate interests

      Not applicable

      Auditing

      - Legitimate interests
      - Legal or regulatory obligations

      Not applicable

      Defending or enforcing legal rights

      - Legal or regulatory obligations

      - Compliance with a legal obligation
      - Legal claims

      To buy or sell group companies or to restructure our business.

      - Legal or regulatory obligations
      - Legitimate interests

      - Explicit Consent

      To identify and support vulnerable customers or potentially vulnerable customers

      - Performance of a contract
      - Legitimate interests

      - Necessary for insurance purposes
      - Safeguarding economic well-being
      - Consent

       

      Categories of recipient of the personal data

      Reinsurers:

      We insure the risks we accept with special insurance companies (reinsurers). It may be necessary to share your personal information with a reinsurer so that it may form its own opinion of the risk or the claim or to provide advice or expertise in risk or benefit assessment or in the evaluation of procedural matters.

      Data processing within AXA Group:

      Specialist companies or divisions within our group of companies are assigned central responsibility for certain data processing tasks for the group of affiliated companies. Where you have entered into an insurance contract with one or several companies in our group, your personal information may be processed centrally by a group company, for instance for the central management of address data, for telephone customer service, for the processing of contracts and benefits/claims, for collections/disbursements or for the central processing of mail.

      External service providers:

      In some cases, we use external service providers. These may include: experts, appraisers, lawyers, loss adjustors; accountants, auditors and other professional service firms, medical professionals service companies, including payment service providers, IT companies, postal, and document management services; advertisers and advertising networks to send you marketing communications in accordance with your marketing preferences.

      Your Representatives:

      We may share personal information with your representatives if you have one such as your intermediary or insurer or your lawyer.

      Other recipients:

      We may share your personal data with other recipients, such as relevant organisations for fraud prevention purposes, our regulators, public authorities and government agencies such as HMRC, DWP, the police, financial institutions (e.g. to process payment transactions), credit agencies (e.g. to check creditworthiness -) or relevant organisations and databases for fraud prevention purposes (for example Motor Insurers Anti-Fraud and Theft Register (MIAFTR), É«¶à¶àÊÓƵ Fraud Bureau (IFB)).

  • IF YOU ARE A WITNESS TO AN INCIDENT

    • The personal information we may use

      The personal information we use may include any of the below:

      • Personal details: name, age, gender, date of birth.
      • Identification information: passport details, driving licence, national insurance number, driving record.
      • Other information that you provide in relation to the incident that you have witnessed.

      Sensitive personal information

      In limited circumstances, we may process other sensitive personal information including:

      • details of your race; ethnicity; religious or philosophical beliefs; political opinions; trade union membership; genetic or biometric data; or data concerning your sex life or sexual orientation if relevant to your role as a witness.

      How we collect personal information

      We collect personal information from you directly when you provide it to us. We will also collect personal information from a variety of sources including:

      • other companies within our group;
      • other third parties involved in the incident;
      • publicly available sources
      • government agencies, industry bodies and regulators such as HMRC, the Financial Ombudsman Service and the Financial Conduct Authority.

      Purpose and Legal Basis of the Data Processing

      We process your personal information in compliance with all relevant data protection laws including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA), the applicable provisions affecting or ensuring data privacy within the É«¶à¶àÊÓƵ Act 2015, as well as all other applicable laws. The UK GDPR requires us to have a legal basis for processing your personal information. In most cases the legal basis will be one of the following:

      • to fulfil our contractual obligations to you;
      • to comply with our legal obligations, such as client due diligence and reporting obligations, and responding to requests from regulators, law enforcement authorities or other government authorities;
      • to meet our legitimate interests, for example to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records. When we process personal information to meet our legitimate interests, we always balance these against your fundamental rights and freedoms and put in place robust safeguards to ensure that your privacy is protected;
      • you have consented to us processing your personal information for specified purposes.

      If it is necessary that we process your sensitive personal information for one of the purposes listed above, we will only do so where one of the following applies:

      • for reasons of substantial public interest including:
        • insurance purposes;
        • complying with legal or regulatory obligations relating to unlawful acts and dishonesty;
        • preventing or detecting unlawful acts;
        • preventing fraud;
      • we have obtained your explicit consent;
      • to establish, exercise or defend legal claims;
      • to protect your vital interests or someone else’s.

      To fulfil our legal and regulatory obligations

      Purposes

      Legal basis for using your personal information

      Legal basis for using your sensitive personal information

      Handling insurance claims

      - Legitimate interests
      - Legal obligation
      - Legitimate interests

      The prevention of fraud and prosecution of criminal offences. In particular, we use data analysis and research (including using publicly available information [including social media]) to prevent and detect insurance fraud,

      - Legitimate interests
      - Legal obligation
      - Performance of a contract

      - Necessary for insurance purposes
      - Legal claims
      - Regulatory obligation relating to unlawful acts or dishonesty
      - Prevent or detect crime
      - Prevent fraud

      - Legal obligation

      - Necessary for insurance purposes
      - Legal claims
      - Regulatory obligations relating to unlawful acts or dishonesty

      Categories of recipient of the personal data

      Data processing within AXA Group:

      Specialist companies or divisions within our group of companies are assigned central responsibility for certain data processing tasks for the group of affiliated companies. Your personal information may be processed centrally by a group company, for instance for the central management of address data, for telephone customer service, for the processing of contracts and benefits/claims, for collections/disbursements or for the central processing of mail.

      Insurers and intermediaries:

      We may share your personal information with other insurers, reinsurers or insurance intermediaries.

      External service providers:

      In some cases, we use external service providers. These may include: experts, appraisers, lawyers, loss adjustors; accountants, auditors and other professional service firms, medical professionals service companies, including payment service providers, IT companies, postal, and document management services; advertisers and advertising networks to send you marketing communications in accordance with your marketing preferences.

      Other recipients:

      We may share your personal data with other recipients, such as relevant organisations for fraud prevention purposes, our regulators, public authorities and government agencies such as HMRC, DWP, the police, financial institutions (e.g. to process payment transactions), credit agencies (e.g. to check creditworthiness) or relevant organisations and databases for fraud prevention purposes (for example Motor Insurers Anti-Fraud and Theft Register (MIAFTR), É«¶à¶àÊÓƵ Fraud Bureau (IFB)).

  • IF YOU ARE A BROKER, INTERMEDIARY OR OTHER BUSINESS PARTNER

    • The personal information we use

      The personal information we use may include any of the below:

      • Personal details: name, age, gender, date of birth.
      • Identification information: passport details, driving licence, national insurance number, driving record.
      • Contact Information: address, telephone numbers and email address, social media handles.
      • Due diligence information provided to É«¶à¶àÊÓƵduring the start of Business relationship

      Sensitive Personal information

      We may collect information about criminal convictions or offences (including allegation of criminal activity) where we are permitted to do so.

      How we collect personal information

      We collect personal information from you directly when you provide it to us. We will also collect your personal information from a variety of sources including:

      • other companies within our group;
      • other insurance companies;
      • publicly available sources;
      • third party providers that support our due diligence processes;
      • government agencies, industry bodies and regulators such as HMRC, the Financial Ombudsman Service and the Financial Conduct Authority.

      Purpose and Legal Basis of the Data Processing

      We process your personal information in compliance with all relevant data protection laws including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA), the applicable provisions affecting or ensuring data privacy within the É«¶à¶àÊÓƵ Act 2015, as well as all other applicable laws. The UK GDPR requires us to have a legal basis for processing your personal information. In most cases the legal basis will be one of the following:

      • to fulfil our contractual obligations to you;
      • to comply with our legal obligations, such as client due diligence and reporting obligations, and responding to requests from regulators, law enforcement authorities or other government authorities;
      • to meet our legitimate interests, for example to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records. When we process personal information to meet our legitimate interests, we always balance these against your fundamental rights and freedoms and put in place robust safeguards to ensure that your privacy is protected;
      • you have consented to us processing your personal information for specified purposes.

      If it is necessary that we process your sensitive personal information for one of the purposes listed above, we will only do so where one of the following applies:

      • for reasons of substantial public interest including:
        • insurance purposes;
        • complying with legal or regulatory obligations relating to unlawful acts and dishonesty;
        • preventing or detecting unlawful acts;
        • preventing fraud;
      • we have obtained your explicit consent;
      • to establish, exercise or defend legal claims;
      • to protect your vital interests or someone else’s.

      Purposes

      Legal basis for using your personal information

      Legal basis for using your sensitive personal information

      Managing our relationship with you and with your customer

      - Performance of a contract
      Legitimate interests

      Not applicable

      The prevention of fraud and prosecution of criminal offences. In particular, we use data analysis and research (including using publicly available information [including social media]) to prevent and detect insurance fraud,

      - Legitimate interests
      - Legal obligation
      - Performance of a contract

      - Necessary for insurance purposes
      - Legal claims
      - Regulatory obligation relating to unlawful acts or dishonesty
      - Prevent or detect crime
      - Prevent fraud

      Business management and the improvement of processes, services and products

      - Legitimate interests

      Not applicable

      To fulfil our legal and regulatory obligations

      - Legal obligation

      - Necessary for insurance purposes
      - Legal claims
      - Regulatory obligations relating to unlawful acts or dishonesty

      Categories of recipient of the personal data

      Data processing within AXA Group:

      Specialist companies or divisions within our group of companies are assigned central responsibility for certain data processing tasks for the group of affiliated companies. Where you have entered into an insurance contract with one or several companies in our group, your personal information may be processed centrally by a group company, for instance for the central management of address data, for telephone customer service, for the processing of contracts and benefits/claims, for collections/disbursements or for the central processing of mail.

      Insurers and intermediaries:

      We may share your personal information with other insurers, reinsurers or insurance intermediaries.

      External service providers:

      In some cases, we use external service providers. These may include: experts, appraisers, lawyers, loss adjustors; accountants, auditors and other professional service firms, medical professionals service companies, including payment service providers, IT companies, postal, and document management services; advertisers and advertising networks to send you marketing communications in accordance with your marketing preferences.

      Other recipients:

      We may share your personal data with other recipients, such as relevant organisations for fraud prevention purposes, our regulators, public authorities and government agencies such as HMRC, DWP, the police, financial institutions (e.g. to process payment transactions), credit agencies (e.g. to check creditworthiness) or relevant organisations and databases for fraud prevention purposes (for example Motor Insurers Anti-Fraud and Theft Register (MIAFTR), É«¶à¶àÊÓƵ Fraud Bureau (IFB)).

Privacy Pages

Your rights over your personal information

You have a number of rights under UK data protection laws which are further described below. You should be aware that not all these rights are absolute rights so we may not always be able to fulfil your request. All requests will be considered on a case by case basis in accordance with legal requirements. If we cannot fulfil your request we will always explain why.

You have the right to request:

  • access to a copy of your personal information and details of how we use it.
  • rectification or completion of inaccurate or incomplete information.
  • erasure of your personal information in certain circumstances.
  • restriction on our processing of your personal information in certain circumstances.
  • transfer of personal information that you have provided us, to a third party in certain circumstances.
  • that we stop processing your personal information if you have provided us with your consent to process your personal information.
  • that we stop processing your personal data for direct marketing purposes.
  • that we stop processing your personal data where we process your data to pursue our (or a third party’s) legitimate interests in certain circumstances.

To exercise any of these rights contact us by email at
dataprivacy@axaxl.com
or by post, write to us at:
Data Protection Officer, 20 Gracechurch Street, London, United Kingdom EC3V 0BG.

Automated decisions about you

The way we analyse personal information may involve profiling, which means that we may process your personal information using software that is able to evaluate your personal aspects and predict risks or outcomes. For example, this may occur when we are carrying out insurance risk assessments, for pricing purposes, or fraud prevention activities. We may also use profiling, or otherwise employ automated means, to make recommendations about you that relate to the basis on which we provide insurance to you.

However, there will always be human involvement in the final decisions we take, so you will not be subject to automated decision making.

You can contact us to request further information about this processing.

Marketing Activities

From time to time, we may use your personal information to inform you of other products and services that may be interest to you. We may do this by [mail or email. Where we send you electronic marketing, we will always include details of how you can unsubscribe or manage your marketing preferences so that we only contact you about products or services that may be relevant and of interest to you.

If you wish to unsubscribe from marketing emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in all marketing emails from us. Otherwise, you can change your marketing preferences at any time by e-mailing us at dataprivacy@axaxl.com or writing to us at: Data Protection Officer, 20 Gracechurch Street, London, United Kingdom EC3V 0BG. In such circumstances, we will continue to send you non-marketing service-related communications where necessary.

Social media marketing

In order to show you adverts which we think may be relevant to your needs or interests, we’ll sometimes use your personal information to run audience-specific social media and digital advertising campaigns, for example on LinkedIn and Twitter. We also target individuals that have similar attributes to our customers. This means you may receive online advertising if you are not an existing customer, but you meet the profile of the type of person we are trying to target and share our adverts with.

If you don’t want to see our adverts, all you need to do is update your preferences within your social media and browser cookie settings. If you choose to opt out of tailored offers and advertising, you may still see generic advertising displayed online, but it might not be as relevant to you.

Period of data storage

We will erase your personal data as soon as it is no longer necessary for the purposes described in this Privacy Notice. However, this period may be extended by statutory retention or limitation periods. For this reason, data retention with É«¶à¶àÊÓƵis subject to an internal retention policy, that governs the deletion of data, taking into account the statutory minimum and maximum periods. As these periods may vary according to the purpose of the processing, please contact our Data Protection Officer for further information.

Data transfers to a third country

Your personal information may be transferred to, stored or processed outside the UK. Whenever we do this we ensure that adequate safeguards are in place to protect your privacy. These safeguards include:

  • transferring your personal information to countries that the UK considers to have adequate levels of data protection;
  • entering into contracts with third parties outside the UK, requiring them to protect your privacy.
  • Where we transfer personal data to É«¶à¶àÊÓƵcompanies outside the UK we do this through the use of a specific type of contract referred to as “”.

For more information on the appropriate safeguards in place, please contact our Data Protection Officer at dataprivacy@axaxl.com or write to us at: Data Protection Officer, 20 Gracechurch Street, London, United Kingdom EC3V 0BG.

Artificial Intelligence

Artificial Intelligence is an umbrella term for a range of technologies that replace manual processes and solve complex tasks by carrying out functions that previously required human action. Tasks that we have traditionally done by thinking and reasoning are increasingly being done by, or with the help of, AI.

We may use personal information as part of the development and training phase of an AI solution, for example where it is not possible to use anonymised data.

We use AI to support our existing activities. This means that how we collect your personal information and the types of personal information we use do not change. To use AI, we combine information you have provided to us directly, information we derive about you from your use of our services or your interactions with us, and information from other people and organisations. We use AI for to improve our business processes with a particular focus on simplifying complex processes, ensuring consistent standards and driving efficiencies. For example, we use AI to extract data for entry into relevant systems as well as for purposes of statistical actuarial calculation and pricing models.

Updates

We may update this Privacy Notice from time to time. We will notify you of any changes to the Privacy Notice, where we are required to do so. In particular, where changes to this Privacy Notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you notice in advance so that you have the opportunity to exercise your rights, for example, objecting to the processing.

We recommend that you check this Privacy Notice regularly for any changes.

Contact Us

If you have questions or concerns regarding the way in which your personal information has been used or to exercise any of your rights, please email our Data Protection Officer at dataprivacy@axaxl.com or write to us at: Data Protection Officer, 20 Gracechurch Street, London, United Kingdom EC3V 0BG.

We are committed to working with you to obtain a fair resolution of any complaint or concern about how we process your personal information. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the Information Commissioner's Office, Wycliffe House, Water Lane, Cheshire, SK9 5AF,

You may request a copy of this Privacy Notice by contacting us using the details above.

Last update February 2024

THIS AXA WEBSITE USES COOKIES

É«¶à¶àÊÓƵ as a controller, uses cookies to provide its services, improve user experience, measure audience engagement, and interact with users’ social network accounts among others. Some of these cookies are optional and we won't set optional cookies unless you enable them by clicking the "ACCEPT ALL" button. You can disable these cookies at any time via the "How to manage your cookie settings" section in our cookie policy.

Find Out More About the Cookie Policy Privacy Notice
Accept All
Refuse All
Cookie Settings