This notice describes how InsTech, as a data controller, collects, uses, shares and retains the personal data you provide and informs you of the choices regarding use, access and correction of your personal data. InsTech is committed to ensuring that any personal data it receives is protected and handled in accordance with applicable data protection laws. We also highlight our legitimate business interest in this policy.
For the purposes of this Privacy Notice, references to "we", "us" or "our" shall refer to InsTech.
What personal data do we process about you, and why?
Some of this information is also collected when subscribing to one of our InsTech newsletters. When you visit our website, your device and browser will automatically disclose certain information, some of which may constitute basic personal data. We also collect some publicly available information including: IP Address, sector of the industry, current employer, workplace city of employment & seniority level. You can find more information about what we do with your data under our legitimate interest section below.
Individual Member Sign-up
When you sign up for individual membership, we collect the following personal data: name, email address, job title and company name, to provide specific benefits associated with InsTech’s individual membership.
Corporate Member Sign-up
When an individual who works for a corporate member takes advantage of InsTech’s corporate membership, we collect the following personal data: name, email address, job title and company name, to provide specific benefits associated with InsTech corporate membership.
Digital and Live Events
If you sign up to attend any of our events, we collect the following personal data: name, email address, job title, company name and IP address where applicable.
When you download any InsTech reports, we collect the following personal data: name, email address, job title and company name.
When you sign up to receive our newsletter, we collect the following personal data: name, email address, job title, company name and IP address where applicable.
If you do not want to receive further newsletters from InsTech, you can unsubscribe from each specific newsletter at any time using a link at the bottom of the newsletter email. Unsubscribing from a newsletter means you will not receive that newsletter, we may continue to contact you about other InsTech events and promotional opportunities. If you wish a full opt-out of any communications from InsTech, please email email@example.com
We collect and send cookies. Cookies are small pieces of data that websites send to a user's computer and are stored on the user's web browser. They are designed to enable the website to remember information, such as what a user might have put in a shopping cart.
Our data principles and legitimate interest for sharing data
We care about the sustainable development of the insurance, insurtech and risk management sector. We have spent years growing a vibrant community built on the principles of trust, fair information exchange and providing value and insight to our clients.
As a community of engaged professionals we curate our data to be shared with other, relevant members of our network where we see benefit to both parties involved.
As a network-driven business, we have legitimate interest to provide content value in return for engagement by both clients and interested parties. They actively engage with our content and benefit from it. We therefore share identifiable data with our network for the purpose of value creation for both interested parties. For example, if you attend an event, it is in our legitimate interest to share your individual data with the sponsor, if we deem it relevant and of value to both sides.
We are a network business whose strength and success relies upon sharing information, ideas and networks in a targeted and value-driven. This underlines our legitimate interest of sharing targeted information with our network, where appropriate for GDPR purposes.
It's also in our legitimate interest to send you market updates, promotional materials and event invitations. We may also disclose some elements of your personal data to third parties, as detailed in the section 'Who are we sharing your data with'.
Who are we sharing your data with?
To help manage our business and deliver services, we may share your personal data with third-party service providers such as IT suppliers, document management providers and others. We require all our third-party providers to respect the confidentiality and security of personal data. We may be under legal or regulatory obligations to share your personal data with courts, regulators and law enforcement bodies.
We may disclose some elements of your personal data to third parties under legitimate interests. This will only include name, company, job title and email.
We may also disclose to third parties aggregated or other information that does not identify you individually, such as how many users viewed a particular product or web page, to conduct website analytics or to serve you targeted advertising.
Transfers to service providers and other third parties will always be protected by contractual commitments and further assurances, where appropriate.
Why do we share data outside of the UK?
We may transfer personal data to a country outside of the UK, for example if a third party we share data with has servers located outside of the UK. If this is the case, we will obtain your consent or otherwise ensure that the transfer is legal and your data is secure by following UK guidelines. We may also make other disclosures of your personal data overseas, such as receiving a legal or regulatory request from a foreign law enforcement body.
We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:
- We will only transfer your personal data to countries recognised as providing an adequate level of legal protection or where we can be satisfied those alternative arrangements are in place to protect your privacy rights.
- Transfers to service providers and other third parties will always be protected by contractual commitments and further assurances, where appropriate.
- Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed.
- We have listed below the systems we use, and where we send data outside of the UK and on what basis we do so.
- Eventbrite – Data is transferred outside of the UK to the United States.
- Pipedrive - Data is not transferred outside of the European Economic Area.
- MailChimp – Data is transferred outside of the UK to the United States.
- ConvertKit - Data is transferred outside of the UK to the United States.
- Google Analytics – Data is not transferred outside of the European Economic Area.
- CiviCRM – Data is transferred outside of the UK to the United States.
How long do we keep your data?
We will retain your personal data for as long as is reasonably necessary to fulfill the relevant purposes set out in this Privacy Notice. The retention period will primarily be determined by applicable legal and regulatory obligations and/or the duration of our business relationship with you or another associated party. We check our data retention policy regularly to ensure we maintain a legitimate reason for retaining your data. We will securely delete or erase your personal data if there is no valid business reason for retaining your data. In exceptional circumstances, we may retain your personal data for longer periods of time if we reasonably believe there is a prospect of litigation in the event of any complaints or there is another valid business reason the data will be needed in the future.
How do we keep your personal data secure?
We keep your data secure in the following ways:
- by following internal policies of best practice and training for staff
- by keeping personal data within our systems where possible
- by transferring data using best practices
- In the unlikely event of a breach of our security, we will inform the relevant regulatory body within 72 hours of the breach being discovered. If your personal data were involved in the breach, we shall also inform you.
Changes to our Privacy Notice and control
We may change this Privacy Notice from time to time. When we do, we will revise the date on this policy, notifying users of only significant changes. You agree to be bound by the revised Privacy Notice by continuing to access or use our services after those changes become effective.
You have certain rights as an individual, which you can exercise in relation to the personal data we hold about you. If you request to exercise any of your rights, we reserve the right to ask you for proof of your identity. We aim to acknowledge your request as soon as possible and address your query within one month from your request.
The right to access
You are entitled to a confirmation whether we are processing your data, a copy of your data, and information about purposes of processing, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where we got your data from and how you can make a complaint.
The right to rectification
If you believe the personal data we hold about you is inaccurate or incomplete, you can request for it to be rectified.
The right to erasure
You have the right to ask for the erasure of your data if you withdraw your consent, terminate a contract with us, or believe the personal data is no longer necessary for the purposes for which it was collected. In that case, you may request that your data be deleted. However, this will need to be balanced against other factors; for example, certain regulatory obligations may mean we cannot comply with your request.
The right to restriction of processing
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
- Its accuracy is contested, to allow us to verify its accuracy; or
- The processing is unlawful, but you do not want it erased; or
- It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- You have exercised the right to object, and verification of overriding grounds is pending.
- We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or protect the rights of another natural or legal person.
The right to data portability
If we collected your personal data under a contract or your consent, you could request us to transfer your personal data to provide it to another third party of your choice.
The right to object
You have the right to object at any time to processing of your personal data where processing is necessary for the performance of a task carried out in the public interest or the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms, where you are a child.
The right to withdraw consent
If we process your personal data under your consent, you can withdraw it at any time. You can contact us at firstname.lastname@example.org or our Data Protection Officer, Paul Novelle, COO of InsTech: email@example.comWe do not have to comply with a request where it would adversely affect the rights and freedoms of other individuals.
If you have any questions relating to data protection that you believe we can answer, please contact us as indicated below.
We are Instech London Limited, and our address is 7 Granard Business Centre, Bunns Lane, Mill Hill, London NW7 2DQ. You can contact us at firstname.lastname@example.org
If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements, you can make a complaint to the relevant Data Protection Authority. Our Lead Authority is the UK Information Commissioner's Office.