Data Protection and Privacy Policy

Last updated January 2019

Who Are We?

iprism is the trading name of iprism underwriting agency limited.

We are a private limited company incorporated in England and Wales. Our registered company number is 05604278.

iprism is authorised and regulated by the Financial Conduct Authority (FCA) and our permitted business is for the provision of regulated products and services, assisting in the administration and performance of a contract of insurance. Our FCA register number is 460209 and our registered office is 4th Floor, Northern & Shell Building, 10 Lower Thames Street, London, EC3R 6AF.

iprism is the "data controller" of your client(s)’s information you as the broker provide us with. This term is a legal phrase used to describe the person or entity that controls the way information is used and processed.

We are registered under the General Data Protection Regulations (GDPR) 2018 with the Information Commissioner’s Office (ICO) in the UK. Our registration number is Z9688124.

Why we collect your client’s data

We collect data for the purposes of:

  • Providing insurance quotations;
  • Underwriting insurance policies;
  • Managing insurance policies; and
  • Processing insurance claims.

The nature and depth of this data varies from case-to-case but constitutes the data required to ascertain risk and provide the relevant service you have asked us to provide to safeguard your client(s), shaped by insurance industry best practice.

iprism requires your specific consent in order to collect and process you client(s) data for the purposes of providing an insurance quotation or policy.

What do we do with your client’s data?

We use your client(s)’s data to determine the premium and terms applicable to the insurance proposal – producing a quotation or range of quotations for the insurance you have asked us to provide. Our systems are designed to ensure that only people directly involved in the insurance chain have access to your client(s)’s data. In order to complete the proposal, create and maintain the policy or process a claim from your client(s) we may need to share certain parts of the data with other secure data controllers within the insurance industry. We keep such transactions to an absolute minimum and all parties are authorised and regulated to the same standards as ourselves. We will never pass on your details to other organisations for the purposes of sales or marketing.

How long do we keep your client’s data?

We keep the data indefinitely for the purposes of statistical analysis and the tracking of long term liability claims. Access is always restricted to the essential people in your insurance chain. When data is used for the purposes of statistical analysis (e.g. loss ratios, claims or pricing analysis) it is always aggregated and anonymised.

Security, storage and access to your client’s data

We store all the data in the UK in encrypted form on equipment we fully own and control. Access to the data is strictly controlled by layers of security and our infrastructure and applications are regularly subjected to penetration testing by third party data security professionals.

Managing your client’s information (including Subject Access Requests)

Your client(s) is/are perfectly within their rights to ask us whether we hold information about them and if so, for us to give your client(s) certain details about that information and/or the information itself. This right is commonly known as a Subject Access Request. Certain exemptions and conditions apply to this right, principally that it should be in writing and that you give us reasonable details about the information required.

We will respond to all such requests, having first verified your identity. If the request is of a complex, vexatious and/or repetitive nature, we reserve the right to make a charge for fulfilling the request which will be purely based on the administrative overhead involved your Subject Access Request.

We reserve the right to refuse to comply with any enquiries or requests we receive about the information we collect, where we may lawfully do so. For example, if we have reason to believe that a request is malicious, technically impossible, involves disproportionate effort or could be harmful to others.

Your client’s Right for Rectification

To reduce the chances of an error or misunderstanding, we need to keep the information we gather about your client(s) accurate and up-to-date. If you or your client(s) have reason to believe any of the information we hold about your client(s) is inaccurate, you can request for it to be rectified.

Your client’s Right to Erasure

If your client(s) withdraw their consent, terminate a contract with us or believe the personal information is no longer necessary for the purposes for which it was collected, your client(s) may request the data to be deleted. If your client(s) exercise their Right to Erasure we will securely erase the personal data from our systems in an appropriate timeframe and manner. However, this will need to be balanced against other factors, for example there may be certain regulatory obligations which mean we cannot comply with your request.

Further information about your client’s Privacy Rights

You can find more general information about your client(s)’s rights on the website of the Information Commissioner’s Office (ICO) who regulate data protection and privacy matters in the UK.

If you are still unclear about the information we might hold on your client(s), what we use it for, their Privacy Rights or if you wish to make a complaint you can email us at complaints@iprism.co.uk.

Updates to this Data Protection and Privacy Policy

We review the ways in which we use your client(s) information regularly and in doing so, we may change what kind of information we collect, how we store it, who we share it with and how we act on it. Consequently, we will need to change this Data Protection and Privacy Policy from time to time to keep it accurate and up-to-date.

iprism reserves the right to change this Policy in line with regulatory requirements and a link to this page is available from the policy documents. That way, you can check to see if you and your client(s) are still happy and if, following any changes, we do not hear to the contrary, we will assume that you agree to those changes.

For any queries relating to iprism’s Data Protection and Privacy Policy, please email us at dpo@iprism.co.uk.