Last updated January 2019
iprism is the trading name of iprism underwriting agency limited.
We are a private limited company incorporated in England and Wales. Our registered company number is 05604278.
iprism is authorised and regulated by the Financial Conduct Authority (FCA) and our permitted business is for the provision of regulated products and services, assisting in the administration and performance of a contract of insurance. Our FCA register number is 460209 and our registered office is 4th Floor, Northern & Shell Building, 10 Lower Thames Street, London, EC3R 6AF.
iprism is the "data controller" of your client(s)’s information you as the broker provide us with. This term is a legal phrase used to describe the person or entity that controls the way information is used and processed.
We are registered under the General Data Protection Regulations (GDPR) 2018 with the Information Commissioner’s Office (ICO) in the UK. Our registration number is Z9688124.
We collect data for the purposes of:
The nature and depth of this data varies from case-to-case but constitutes the data required to ascertain risk and provide the relevant service you have asked us to provide to safeguard your client(s), shaped by insurance industry best practice.
iprism requires your specific consent in order to collect and process you client(s) data for the purposes of providing an insurance quotation or policy.
We use your client(s)’s data to determine the premium and terms applicable to the insurance proposal – producing a quotation or range of quotations for the insurance you have asked us to provide. Our systems are designed to ensure that only people directly involved in the insurance chain have access to your client(s)’s data. In order to complete the proposal, create and maintain the policy or process a claim from your client(s) we may need to share certain parts of the data with other secure data controllers within the insurance industry. We keep such transactions to an absolute minimum and all parties are authorised and regulated to the same standards as ourselves. We will never pass on your details to other organisations for the purposes of sales or marketing.
We keep the data indefinitely for the purposes of statistical analysis and the tracking of long term liability claims. Access is always restricted to the essential people in your insurance chain. When data is used for the purposes of statistical analysis (e.g. loss ratios, claims or pricing analysis) it is always aggregated and anonymised.
We store all the data in the UK in encrypted form on equipment we fully own and control. Access to the data is strictly controlled by layers of security and our infrastructure and applications are regularly subjected to penetration testing by third party data security professionals.
Your client(s) is/are perfectly within their rights to ask us whether we hold information about them and if so, for us to give your client(s) certain details about that information and/or the information itself. This right is commonly known as a Subject Access Request. Certain exemptions and conditions apply to this right, principally that it should be in writing and that you give us reasonable details about the information required.
We will respond to all such requests, having first verified your identity. If the request is of a complex, vexatious and/or repetitive nature, we reserve the right to make a charge for fulfilling the request which will be purely based on the administrative overhead involved your Subject Access Request.
We reserve the right to refuse to comply with any enquiries or requests we receive about the information we collect, where we may lawfully do so. For example, if we have reason to believe that a request is malicious, technically impossible, involves disproportionate effort or could be harmful to others.
To reduce the chances of an error or misunderstanding, we need to keep the information we gather about your client(s) accurate and up-to-date. If you or your client(s) have reason to believe any of the information we hold about your client(s) is inaccurate, you can request for it to be rectified.
If your client(s) withdraw their consent, terminate a contract with us or believe the personal information is no longer necessary for the purposes for which it was collected, your client(s) may request the data to be deleted. If your client(s) exercise their Right to Erasure we will securely erase the personal data from our systems in an appropriate timeframe and manner. However, this will need to be balanced against other factors, for example there may be certain regulatory obligations which mean we cannot comply with your request.
You can find more general information about your client(s)’s rights on the website of the Information Commissioner’s Office (ICO) who regulate data protection and privacy matters in the UK.
If you are still unclear about the information we might hold on your client(s), what we use it for, their Privacy Rights or if you wish to make a complaint you can email us at email@example.com.
iprism reserves the right to change this Policy in line with regulatory requirements and a link to this page is available from the policy documents. That way, you can check to see if you and your client(s) are still happy and if, following any changes, we do not hear to the contrary, we will assume that you agree to those changes.