Hiscox is committed to protecting your privacy. This fair processing notice (this ‘notice’) sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this notice carefully. When using a Hiscox website, this notice should be read alongside the website terms and conditions.
1. About us
Hiscox is an international insurance business. We offer insurance to individuals, companies and other insurers. We do this both by providing insurance ourselves and by placing insurance with other insurers. We also offer insurance to other insurers (known as ‘reinsurance’). For the purposes of this notice, references to insurance also mean reinsurance.
We will collect and process data about our website visitors. This makes the relevant Hiscox company a ‘data controller’. In this notice we use ‘we’ or ‘us’ or ‘Hiscox’ are to:
Hiscox S.A., company number B217018, registered address: 35F Avenue JF Kennedy, L-1855 Luxembourg .
Hiscox Underwriting Group Services Limited, company number 04137419, registered address: 1 Great St Helens, London EC3A 6HX
The specific company acting as a data controller of your personal information will be listed in the documentation we provide to you. If you are unsure you can also contact us at any time by emailing us at [email protected], or by post to Hiscox S.A, 35F Avenue JF Kennedy, L-1855 Luxembourg.
2. What personal information do we collect and use?
The personal information that we collect will depend on your relationship with us. Here below we provide you with some general information regarding the processing of personal data on our website. Specific information about processing activities of Hiscox other than the ones associated with this website will be provided separately.
We processed personal data collected on our website for the following purposes:
when you send us a request or a complaint through our website or by other means, only for the purpose of the management of this request of complaint.
Information such as IP address and browsing history obtained through our use
of cookies. You can find more information about this in our cookies policy which can be found at
We do not reuse the information for another purpose that is different to the one stated. We will not use your personal data for direct marketing purposes.
As a rule, we do not keep your personal information for longer than necessary for the purposes for which we collected it.
3. How long do we keep personal information for
We will only keep your personal information for the minimum periods required in order to fulfil the relevant purposes set out in this notice.
We are also required to keep certain information in order to comply with our legal and regulatory obligations.
The exact time period will depend on your relationship with us and the type of personal information we hold.
If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 8.
4. International data transfers
We (or third parties acting on our behalf) may store or process information that we collect about you in countries outside the European Economic Area (‘EEA’). Where we make a transfer of your personal information outside of the EEA we will take the required steps to ensure that your personal information is protected. Such steps may include placing the party we are transferring information to under contractual obligations to protect your personal information to adequate standards.
If you would like further information regarding the steps we take to safeguard your personal information, please contact us using the details set out in section 8.
5. How do we protect your information
We use a range of organisational and technical security measures to protect your information, including firewalls and access controls, which we review periodically. We also ensure that our employees receive appropriate data security training.
6. Your rights
The right to access your personal information
You are entitled to a copy of the personal information we hold about you and certain details of how we use it.
Your information will usually be provided to you using our online privacy platform, unless you request a copy to be provided via post.
The right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
The right to erasure
In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or, where we are relying on consent as our legal ground, you withdraw your consent. However this will need to be balanced against other factors. For example, we may have legal and regulatory obligations, or may need to use your personal data to establish, exercise or defend legal claims which mean will be unable to comply with your request.
The right to restriction of processing
In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.
The right to data portability
In certain circumstances, you have the right to ask that we transfer personal information that you have provided to us to another third party of your choice in a commonly used electronic format.
Rights to object
You have a right to object to an automated decision in certain circumstances.
Where we process your personal information based on our appropriate business needs, you can object to such processing. In such cases, we will assess your objection against our business needs.
The right to withdraw consent
For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.
The right to lodge a complaint
You have a right to complain to our Lead Supervisory Authority - the Information Commissioner's Office (ICO) or Supervisory Authority for data protection in your country, if you believe that any use of your personal information by us is in breach of applicable data protection laws and regulations. Making a complaint will not affect any other legal rights or remedies that you have.
Under data protection law you have certain rights in relation to the personal information that we hold about you. There will not usually be a charge for dealing with these requests. You may exercise these rights at any time by contacting us using the details set out in section 8.
the rights set out below do not apply in all circumstances;
in some cases we may not be able to comply with your request (for example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements). However, we will always respond to any request you make and if we can't comply with your request, we will tell you why.
in some circumstances exercising some of these rights (such as the right to erasure or the right to restrict processing) will mean we are unable to continue providing you with insurance and may therefore result in its cancellation. You will therefore lose the right to bring any claim or receive any benefit, including in relation to any event that occurred before you exercised your right of erasure, if our ability to handle the claim has been prejudiced. Your policy terms and conditions set out what will happen in the event your policy is cancelled.
We may ask you for proof of identity when you make a request to exercise one of the rights set out below. Where required we will not process your request until you have provided appropriate proof of identity, such that Hiscox is sure we are dealing with the correct individual.
We’ll not ask for a fee, unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we’ll inform you before proceeding with your request. Your request will not be processed until the fee is paid.
We will respond to valid requests within one month. If your request particularly complicated or you have made several requests we may extend this period. If this is the case we will always let you know when we expect to be able to respond to your request.
Your rights include:
7. Privacy Notices of other websites
This website contains links to other Hiscox websites. This privacy notice applies only to this website, so if you click on a link to another website, you should read their privacy notices.
8. Contacting us
If you would like further information about any of the matters in this notice or have any other questions about how we collect, store or use your personal information, you may contact our Data Protection Officer by emailing us at: [email protected] or writing to us at: 35F Avenue JF Kennedy, L-1855 Luxembourg.
9. Updates to this notice
From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. Where we make substantial changes to this notice we will provide you with an updated copy. You can also check our website: https://www.hiscox.lu/privacy-policy periodically to view the most up-to-date notice.
This notice was last updated on: 23rd April 2020.
Hiscox is committed to protecting your privacy online