Privacy Policy
At Accelerant, we collect, use and process Personal Information on individuals, including the following individuals who are covered by this Privacy Notice (“Notice”):
- (prospective) insured persons, insurance applicants and policyholders (“Insureds”);
- beneficiaries and other persons named in the insurance policy (“Beneficiaries”);
- persons filing a claim under an insurance policy (“Claimants”);
- persons who serve as a witness in light of an insurance claim (“Witness”);
- collectively (“Insurance Contacts”);
- individuals working for one of our business partners (“Business Contacts”);
- individuals who otherwise interact with us online or offline, for instance by visiting our offices
- or filing a general request for information via our website (“General Contacts”);
- individuals who use and visit our website (“Website Visitors”).
This Notice does not apply to Accelerant employees, job applicants, insurance brokers and agents or our Members (as defined below).
Accelerant takes its responsibility to protect your Personal Information. In that respect, we are committed to handle your Personal Information in accordance with all applicable data protection laws and be transparent as to how we collect, process and share that information.
This Privacy Notice is designed to inform you how Accelerant, its subsidiaries and affiliates collect and use Personal Information when providing services as an insurance business. It explains how, why and when we collect, use, retain and disclose your Personal Information, as well as your own rights in relation to that information.
Accelerant consists of different legal entities pertaining to Accelerant Holdings Group, the details of which may be found here.
Accelerant is an insurance underwriting group. As part of our core activities, we underwrite insurance business via delegated authority. For this purpose, we work through a network of business relationships established with Insurance Market Participants (our Members) who we may rely upon to underwrite, administer policies, and adjudicate claims on our behalf.
For the purpose of this Privacy Notice and the applicable data protection laws the following Accelerant entities act as controller and are responsible for the processing of your Personal Information:
- If you are an Insurance Contact, the relevant Accelerant entity that underwrites the insurance policy that relates to you;
- If you are a Business Contact or General Contact, the relevant Accelerant entity who you are in contact with acts as controller of your Personal Information.
- If you are a Website Visitor, Accelerant Insurance Ltd. acts as controller for your Personal Information.
To consult these Accelerant entities’ contact details, please click here.
In a number of instances, we do not collect the data from you directly (see Section 6: Where Do We Get Your Personal Information From?)
The Personal Information we process depends on your relationship with Accelerant as set out above and whether collection is permitted by applicable law. We collect and process the following categories of Personal Information from you:
We only process your special category and/or criminal Personal Information where strictly necessary. When we do, we (or our Members) will ask for your explicit consent where such is required in accordance with applicable data protection law, or we rely on a specific authorization in law that allows us to process this information.
Depending on the capacity in which you interact with us as set out above, i.e. as a Website Visitor, Insurance Contact, Business Contact or General Contact, we need to process your Personal Information for different purposes (see Section 5: Why and on what legal grounds do we process your Personal Information?) including to respond to your inquiry, communicate with you, handle claims, assess risk and make decision in regard to your insurance policy application.
If we are not provided with your Personal Information, we are unable to undertake these activities and this may result in, e.g., us being unable to communicate with you or your insurance application being denied because we are unable to assess the risk involved.
We will only use and process your Personal Information where we have a purpose and a legal ground to do so (where this is required under applicable data protection law). We use and process your Personal Information for the purposes and legal grounds set out below, depending on your relationship with us and whether the processing is permitted under applicable law:
The source from which we get your Personal Information will always depend on your specific circumstances.
In most cases, we obtain your Personal Information from Insurance Market Participants (i.e. our Members) and other third parties such as your insurance agent or broker.
On occasion, we may also receive/collect your Personal Information directly from you, such as when you are a Website Visitor or where you are otherwise in direct contact with us. We may also receive your Personal Information from the following sources:
- Persons and companies you are affiliated with or related to including your family members, employer or representative;
- We automatically collect certain information when you visit or use our Website;
- Credit reference agencies;
- Reinsurance companies and other third party insurance companies with whom you have, had, are applying for, or have filed a claim under an insurance policy;
- Anti-fraud databases, CLUE reports, sanctions lists, court judgements and other public databases;
- Government agencies;
- Open electoral registers and other publicly available registers such as company registers;
- Supervisory, regulatory and other public authorities;
- In the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), loss adjustors, external counsel, and claims handlers;
- Service providers such as organizations operating our website; and
- Other public and non-public sources including information that is publicly available online.
Automated decision-making is a process whereby decisions, with effect on an individual, are made using automated computing means (i.e., without involvement of a human). Profiling is an automated process whereby Personal Information is processed to evaluate certain personal aspects of an individual to analyse or predict behaviour or aspects.
As explained above in Section 5: Why and on what legal grounds do we process your Personal Information? Accelerant performs data analytics to establish risk patterns and categories using its InsightFull platform. Accelerant offers this platform to our Insurance Market Participants, who, when calculating risk and insurance premiums and where such is permitted by applicable law, compare your Personal Information against these industry averages and patterns. This insurance specific exercise is considered profiling and/or automated decision-making and is necessary to enter into a contract with you – to confirm that the premium amount reflects and adequately matches the associated risk – and/or authorized under applicable law. As a result of these profiling activities, you may be offered a different insurance policy and/or premium, or even be refused insurance.
Profiling may also be used by our Insurance Market Participants to assess information relating to you, to identify and have a good understanding of fraud patterns. Where special categories of Personal Information are relevant, such as medical history or past criminal convictions for certain types of insurance, such special categories of Personal Information may also be used for profiling. However in this case, and where relevant, your prior consent will be requested unless reliance on another legal basis to process this data for profiling purposes applies.
Please reach out to us using the contact details in Section 14: Contact Details below if you want to receive more information.
We will retain your Personal Information only for as long as is necessary for the purpose for which it was originally obtained, to comply with our legal and regulatory obligations, and to defend our rights, and always in line with the data retention periods set forth in the laws and regulations applicable to us.
We share your Personal Information with other Accelerant affiliates. Accelerant employees only have access and process your Personal Information on a “need to know” basis, i.e. only where such access and processing is necessary for such employees to performs the tasks and responsibilities allocated to them.
We also share your Personal Information with the following categories of third-parties:
- Our service providers (e.g. IT vendors supporting our information security and technology, external counsel and other legal advisors, consultants, auditors, website and data hosting providers, marketing agencies, accountants, etc.);
- Governmental authorities including our supervisory regulatory authorities and law enforcement agencies;
- Our Insurance Market Participants (Members);
- Contractors, brokers or financial institutions; and
- Other third parties (i) upon your request; (ii) to protect and defend our rights and properties; (iii) to detect and/or prevent fraud or money laundering; (iv) in the event of a sale, merger or reorganization of our assets or other restructuring; and/or (v) where we are, or believe in good faith that we are, under a legal obligation to share your data.
The categories of personal information we collect about you and the third parties to whom we disclose that Personal Information for a business purpose are as follows:
In the preceding twelve (12) months, we may have disclosed the above listed categories for a business purpose. We do not sell Personal Information, and in the preceding twelve (12) months, we have not sold Personal Information.
The recipients who we share your Personal Information with, as mentioned in Section 9: Who do we share your Personal Information with? may be located in countries that may have data protection laws that are different to the laws of your country, and in some cases, may not have an adequate level of data protection , which means that local laws may provide for a lower standard of protection for Personal Information than the one that applies within your jurisdiction.
We only transfer your Personal Information to these jurisdictions in compliance with applicable data protection law and transfer restrictions, and we implement appropriate safeguards where required.
If you are located in the EEA/UK and we transfer your Personal Information to other Accelerant group companies located outside the EEA/UK, we rely on the EU Commission Standard Contractual Clauses (“SCCs” – link here) (amended for use in the UK as appropriate with the application of the international transfer addendum (“Addendum” – link here) to the EU SCCs) (Art. 46(2)(c) GDPR) or the UK standalone international data transfer agreement (“IDTA” – link here). Where your Personal Information is transferred to another recipient outside of the EEA/UK we will seek to enter into SCCs or international data transfer agreement with the recipient, seek assurances from the recipient that they have Binding Corporate Rules in place (Art. 46(2)(b) GDPR) or, in exceptional circumstances, rely on a derogation under applicable data protection law (Art. 49 GDPR) (e.g., where the transfer is necessary for the defence of legal claims). Further, where there is a direct transfer of Personal Information from you as an individual to us or one of these recipients outside the EEA/UK we rely on the household exemption where this is available under applicable data protection law. Furthermore, Accelerant relies on the recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data from the European Data Protection Board.
If you are in the EEA/UK, you may obtain more information with regards to the transfer mechanism used by contacting us using the contact details below.
If you are in the EEA/UK and would like to receive further details on the safeguards implemented for the transfer of your Personal Information, you may contact our Data Protection Team using the contact details reflected under Section 14: Contact Details below.
As a data subject, you may have rights with respect to the processing of your Personal Information under our control as follows:
- Access your Personal Information – You may ask us what Personal Information we process and request copies of such Personal Information;
- Rectification of Personal Information – You may ask us to rectify or update Personal Information that is inaccurate or incomplete;
- Erasure of Personal Information – You may ask us to delete your Personal Information in certain instances;
- Restriction of processing – Under certain circumstance (such as when you question the accuracy of the Personal Information we hold on you or the lawfulness of its processing) you may request us to stop processing such data until your request is resolved;
- Data portability – In certain cases, you may ask us to send an electronic copy of your Personal Information directly to you or to another organization;
- Object – You may object to any processing of your Personal Information, including profiling, based on the ground of legitimate interest, as well as the share of your Personal Information for cross-context behavioural advertising;
- Withdraw – Where processing of your Personal Information is based on your consent – you may at any time withdraw your consent however this will not affect any processing we did before withdrawal.
Please note that in addition to the abovementioned limitations to your rights, other limitations to the above rights may apply, for instance to safeguard the public interest (e.g., the prevention or detection of crime).
You also have the right to lodge a complaint about the processing of your Personal Information with the competent data protection authority which typically would be the supervisory authority of the country you are located in. Please find below the competent authorities depending on your location:
- To consult a full list of all EU data protection authorities, please click here.
- To consult the UK data protection authority’s contact details please click here.
- To consult the United States authorities’ contact details, please click here (California users), here (Colorado users) and here (Virginia users).
- To consult the Canadian authority’s contact details please click here.
Accelerant will verify that the information you submit (which may include your first name, last name, email address, company, and country/state) matches our records before we fulfil the request. You may use an authorized agent to submit a consumer rights request on your behalf using the methods above, however, Accelerant will require the authorized agent to provide signed permission to submit the request on your behalf and may still contact you to confirm your identity and that this request was submitted with your permission.
Accelerant does not discriminate against you for exercising your rights or offer you financial incentives related to the use of your personal information.
In order to exercise the above listed rights, please contact our Data Protection Team using the contact details reflected under Section 14: Contact Details below. Please note that we may ask you to verify your identity.
The Personal Information collected by Accelerant is secure and maintained in a manner consistent with current industry standards, laws, and regulations. Your Personal Information is protected in several ways:
- It resides on a secure server that only selected personnel and contractors can access using a unique logon and password. Access is provided based upon the principle of least privilege;
- We encrypt your Personal Information in transit in order to prevent unauthorized parties from viewing that information when it is transmitted;
- We use internet firewalls, intrusion detection and network monitoring depending on the nature of the information and the scope of processing.
Our services are not directed to or intended for individuals under 18 years of age. We do not knowingly collect information from individuals under the age of 18 years without parental consent. If we become aware that an individual under 18 years has provided us with personal information without parental consent, we will take steps to remove the data as permitted by law.
We do not knowingly sell or share information of individuals under the age of 16 years.
For all details regarding compliance with data protection/Personal Information laws, please contact our Group Data Protection Officer (“DPO”) by using the following contact details:
Postal Address:
Group Data Protection Officer
Bastion Tower – Floor 12
Place du Champ de Mars 5,
1050 Elsene,
Belgium
Email: [email protected]
For the Californian users, you might use the following phone number for exercising your rights: 833-284-9200
We may change this Privacy Notice from time to time. If such changes are material in nature, we will provide you with additional notice (such as adding a statement to the Website page or sending you an email notification). The most current version of the Privacy Notice in effect at the time of your use of the Website will govern your use of it. Changes to the Privacy Notice will not be applied retroactively to Personal Information that was collected before the effective date of any change, unless required by applicable law.
Term | Meaning |
---|---|
Insurance Market Participants | Managing General Agents and Third Party Administrators or our “Members”. |
Personal Information | Any information relating to an identified or identifiable person i.e. who can be directly or indirectly identified |
Special categories of information | Certain categories of Personal Information, which have additional protection under certain data protection laws due to their sensitivity. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation. |
We, us | Accelerant Group companies |
You, your | Website Visitors, Insurance Contacts, Business Contacts and General Contacts. |
Data protection law | Local regulation and legislation that is offering the protection on Personal Information to ensure that natural persons can trust Accelerant to use their Personal Information fairly and responsibly. Such texts include (but are not limited to) the EEA/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Consumer Privacy Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act or the Personal Information Protection and Electronic Document Act (PIPEDA). |