Skip to main content
QBE Re

Privacy Policy

We process personal data in order to be able to provide our customers with the best possible service/product. We always ensure we either have a legitimate purpose to hold personal data or obtain consent. We strive to maintain the highest possible Data Protection standards and we will handle all data with the upmost care.

Our Privacy Policy

Your trust is important to us, so we want you to be aware of our Privacy Policy which explains how we collect, store and handle your personal data.

Report a Data Breach

If you suspect data about QBE’s customers, staff or other contacts has been inappropriately disclosed or you find QBE property which may contain confidential or personal data, please let our Data Protection Team know as soon as possible by completing our Data Breach Form.

Fair Processing Notice

QBE European Operations ("QBE") is committed to ensuring your privacy is protected.  This Fair Processing Notice sets out details of the information that we may collect from you and how we may use that information. Please take your time to read this notice carefully. When using a QBE website, this notice should be read alongside the website terms and conditions and cookie policy.

QBE is part of a wider group of companies, the QBE Insurance Group, one of the world’s leading international insurers and reinsurers. As a business insurance specialist, we offer a range of reinsurance products from the standard suite of property, casualty and motor to the specialist financial lines, marine and energy. All are tailored to the individual needs of our small, medium and large client base.

To enable us to provide reinsurance services, including providing a quote and then reinsurance, and dealing with any claims or complaints that might arise, we need to collect and process data. This makes us a "data controller" for any personal information that you provide to us which makes us responsible for complying with data protection laws.

The specific company acting as a data controller of your personal information will be listed in the documentation we provide to you. A list of all the companies within QBE European Operations which act as data controllers is set out below:

  • QBE Re (Europe) Limited
  • QBE Europe SA/NV
  • QBE Insurance (Europe) Limited
  • QBE Underwriting Limited
  • QBE European Operations Plc
  • QBE Management Services (UK) Limited
  • QBE European Operations Plc
  • QBE Management Services (UK) Limited
  • QBE Management (Ireland) Limited
  • QBE Underwriting Services (Ireland) Limited
  • QBE Underwriting Services (UK) Limited
  • QBE European Services Limited
  • QBE Insurance Services (Regional) Limited

If you are unsure about who the data controller of your personal information is, you can also contact us at any time by e-mailing us at dpo@uk.qbe.com.

The types of personal information that we collect and our uses of that personal information will depend on your relationship with us. For example, we will collect different personal information depending on whether you are an insurer, a broker, an expert, a policyholder or a beneficiary covered by an insurance policy, a website user, or another third party.

Sometimes we will request or receive some of your “sensitive personal information”. Sensitive personal information is information that relates to your health, biometric data, criminal convictions, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. For example, we may need access to information about your health in order to draw up statistics and provide a broker or an insurer with a quote or process any claims you make. We may also need details of any unspent criminal convictions you have for fraud prevention purposes or to carry out money laundering checks. We won’t actively collect sensitive personal information about your sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership although it is possible that this could be disclosed indirectly in certain circumstances when answering our questions.

Where you provide personal information to us about other individuals (for example, policyholders, beneficiaries or your employees) we will also be data controller of and responsible for their personal information. You should refer them to this notice.

In order to make this notice as user friendly as possible, we have split it into different sections. Please click on the section below that best describes your relationship with us.

Prospective policyholders or beneficiaries

If you apply for an insurance policy with a broker or an insurer that decides to reinsure the policy or where someone else (such as your employer) applies for an insurance policy which will benefit you, this section will be relevant to you and sets out our uses of your personal information.

What personal information will we collect?

  • Your name, address, date of birth and gender.
  • Financial information such as information obtained as a result of our credit checks such as bankruptcy orders, individual voluntary arrangements or county court judgments.
  • Information about your relationship to the policyholder where you are the beneficiary.
  • Information relating to your identity such as your social security number, passport number, vehicle registration number or driving licence number.
  • Information about your job such as your job title, employment history and employment records (including information on your salary, benefits and earnings), education history and professional accreditations.
  • Information which we obtain as part of checking sanctions lists.
  • Additional information which is relevant to the insurance application such as previous insurance policies you have held and claims you have made. This will also include any information specific to the type of policy application. For example:
    • If you are applying for a property protection policy, we may collect and use information which relates to your property.
    • If a third party (such as your employer) is applying for a professional liability policy which covers you, we may collect and use personal information which relates to previous disciplinary issues.

    • What sensitive personal information will we collect?

  • Details about your criminal convictions and any related information. This will include information relating to any offences or alleged offences you have committed and any caution, court sentence or criminal sentence which you are or have been subject to, for example if you have applied for motor fleet cover, we will request to know about any motoring convictions your employees have.
  • Details about your physical and mental health which are relevant to the insurance application (e.g. if you take out or are covered by a personal accident and travel policy, we may need details of pre-existing medical conditions or, where you apply for a motor fleet policy, we may ask about any medical conditions which cause your drivers to have a restricted driving licence). This may take the form of medical reports or underlying medical data such as x-rays or blood tests
  • Whilst we do not actively collect other sensitive personal information, there may be some circumstances where you disclose sensitive personal information when answering our questions.

    • How will we collect your personal information?

    We will collect information from:

    • the applicant (where you are a beneficiary or named under an insurance policy);
    • third parties involved in the insurance application process (such as our business partners and representatives, brokers or other insurers);
    • fraud prevention and detection agencies;
    • other companies within the QBE Group; and
    • credit reference agencies.

    What will we use your personal information for?

    We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

    • We need to use your personal information to enter into a reinsurance contract.
    • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records.
    • We need to use your personal information for legitimate interests (e.g. to draw up statistics, to prepare (tariff/pricing/premium) models, to keep a record of the decisions we make when different types of applications are made, to keep business and accounting records, manage our business operations and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests.

    When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":

    • We need to use your sensitive personal information to establish, exercise or defend legal rights or to manage disputes. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
    • You have provided your explicit (written) consent to our use of your sensitive personal information (e.g. in relation to your marketing preferences). In some circumstances, we may need your consent to process sensitive personal information. Without it, we may be unable to offer reinsurance. We will always explain why your consent is necessary.
    Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information
    To set you up a reinsurance contract including carrying out fraud, sanctions, credit and anti-money laundering checks.
    • We have a relevant legal or regulatory obligation.
    • We have a legitimate interest (to assess the insurance application).
    • We need to establish, exercise or defend legal rights or to manage disputes.
    • • You have given your explicit (written) consent.
    To evaluate the reinsurance application and provide a quote to a broker, (re)insurer.
    • We have a relevant legal or regulatory obligation.
    • We have a legitimate interest (to assess the insurance application and provide a broker, reinsurer with a quote)..
    • You have given us your explicit (written) consent.
    Complying with our legal or regulatory obligations.
    • We have a relevant legal or regulatory obligation.
    • You have given us your explicit (written) consent.
    • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
    Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice)..
    • We have a relevant legal or regulatory obligation.
    • We have a legitimate interest (to effectively manage our business operations).
    • You have given us your explicit (written) consent.
    • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
    Monitoring applications, reviewing, assessing, tailoring and improving our products and services and similar products and services offered by the QBE Group.
    • We have a legitimate interest (to draw up statistics, develop and improve the products and services offered by QBE or the QBE Group).
    • You have given us your explicit (written) consent.
    Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems.
    • We have a legitimate interest (to ensure the integrity and security of our systems).
    • You have given us your explicit (written) consent.
    • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
    Transferring or selling part of our business or re-organising our company strucutre.
    • We have legitimate interset (to manage our business portfolio and re-organise our company).
    • We have a relevant legal or regulatory obligation.
    • You have given us your explicit (written) consent.

    Who will we share your personal information with?

    We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties:

    • Other QBE Group companies for our general administration purposes or for the prevention and detection of fraud.
    • Our insurance partners such as brokers, sub-brokers, coverholders, other insurers, reinsurers or other companies who act as insurance distributors.
    • Third parties who assist in the administration of your insurance application. These include surveyors, valuers and other experts.
    • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
    • Third parties who provide sanctions checking services.
    • Insurance industry bodies (including the 'RSR Database' kept by Datassur).
    • Fraud detection agencies and other third parties who operate and maintain fraud detection registers..
    • Our regulators including the National Bank of Belgium (NBB), the Belgian Financial Services and Markets Authority (FSMA), the UK Financial Conduct Authority and the UK Prudential Regulation Authority.
    • The police, other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
    • Credit reference agencies.
    • Third party suppliers we appoint to help us carry out our everyday business activities such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers and tax advisers.
    • Third parties who undertake analysis for the purposes of product improvement.
    • Selected third parties in connection with any sale, transfer or disposal of our business.

    Policyholder or beneficiary under an insurance policy

    If you take out an insurance policy with a broker or an insurer that decides to reinsure the policy or if you are listed as an applicant or beneficiary under a policy that someone else has with the broker or insurer (such as a named solicitor under a professional indemnity policy), this section will be relevant to you and sets out our uses of your personal information.

    What personal information will we collect?

    • Your name, address, date of birth and gender.
    • Financial information such as your information obtained as a result of our credit checks such as bankruptcy orders, individual voluntary arrangements or county court judgments..
    • Information about your relationship to the policyholder where you are the beneficiary and/or not the policyholder..
    • Identification relating to your identity such as your social security number, passport number, vehicle registration number or driving licence number.
    • Information about your job such as job title, employment history and employment records, (including information on your salary, benefits and earnings), education history and professional accreditations.
    • Information relevant to your insurance policy. This will depend on the nature of the policy but could include details relating to your property or business activities
    • Information relevant to your claim or your involvement in the matter giving rise to a claim. For example, if you make a claim following a road traffic accident, we may use personal information relating to your vehicle and named drivers.
    • Information relating to your previous policies or claims..
    • Information which we obtain as part of checking sanctions lists.

    What sensitive personal information will we collect?

    • Details about your criminal convictions and any related information. This will include information relating to any offences or alleged offences you have committed and any caution, court sentence or criminal sentence which you are or have been subject to.
    • Details about your physical and mental health which are relevant to your policy or claim (e.g. if you take out or are covered by a travel policy, we may need details of pre-existing medical conditions). This may take the form of medical reports or underlying medical data such as x-rays or blood tests.
    • We may also collect other sensitive personal information in limited circumstances where relevant to a claim.

      • How will we collect your personal information?

      We will collect information directly from you:

      • The named policyholder where you are a beneficiary;
      • Third parties involved in your insurance policy process (such as our business partners and representatives, brokers, sub-brokers, or other (re)insurers);
      • Other third parties who provide a service in relation to your insurance policy or claim such as loss adjusters, claims handlers, lawyers, experts (including medical experts and medical reports), healthcare and rehabilitation providers and other service providers;
      • Other companies within the QBE Group;
      • Credit reference agencies;
      • Insurance industry and other fraud prevention and detection databases and sanctions screening tools;
      • Insurance industry databases such as the 'RSR Database' held by Datassur;
      • Our regulators including the National Bank of Belgium (NBB), the Belgian Financial Services and Markets Authority (FSMA), the UK Financial Conduct Authority and the UK Prudential Regulation Authority;
      • The police where they have provided us with information and other law enforcement agencies;
      • From government agencies such as the Vehicle Registration Service (DIV) and the tax administrations;
      • Professional regulators; and
      • Selected third parties in connection with any sale, transfer or disposal of our business.

      What will we use your personal information for?

      We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

      • We need to use your personal information to perform the reinsurance contract that we hold with an insurer.
      • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records.
      • We need to use your personal information for a legitimate interest (e.g. to properly investigate incidents which are the subject of a claim, to keep business and accounting records, manage our business operations and to develop and improve our products and services, to draw up statistics). When using your personal information for these purposes, we will always consider your rights and interests.

      When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":

      • We need to use such sensitive personal information to establish, exercise or defend legal rights or to manage disputes. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
      • You have provided your (explicit (written) consent to our use of your sensitive personal information (e.g. in relation to your marketing preferences). In some circumstances, we may need your consent to process sensitive personal information (e.g. health information). Without it, we may be unable to offer reinsurance. We will always explain why your consent is necessary
    • We have a relevant legal or regulatory obligation.
      • Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information
      To administer and manage a reinsurance contract.
      • We have a relevant legal or regulatory obligation.
      • We have a legitimate interest (to properly manage the reinsurance contract).
      • You have given us your explicit (written) consent.
      Handling and paying insurance claims within the framework of the reinsurance contract
      • We have a relevant legal or regulatory obligation..
      • We have a legitimate interest (to properly manage the reinsurance contract)..
      • You have given us your explicit (written) consent.
      • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
      Prevention and detection of and investigating and prosecuting fraud and sanctions checking. This might include sharing your personal information with third parties such as the police, and other insurance and financial services providers and insurance industry databases..
      • We have a relevant legal or regulatory obligation.
      • We have a legitimate interest (to prevent, detect and prosecute fraud and other financial crime).
      • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
      • You have given us your explicit (written) consent.
      Complying with our legal or regulatory obligations.
      • We have a relevant legal or regulatory obligation.
      • You have given us your explicit (written) consent.
      • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
      Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice).
      • We have a legitimate interest (to effectively manage our business operations, to draw up statistics).
      • You have given us your explicit (written) consent.
      • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
      Monitoring applications, reviewing, assessing, tailoring and improving our products and services and similar products and services offered by the QBE group.
      • We have a legitimate interest (to draw up statistics, to develop and improve the products and services offered by QBE or the QBE group.
      • You have given us your explicit (written) consent.
      Tracing and recovering debt.
      • We have a legitimate interest (to trace and recover debt that is owed to us)..
      • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
      Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems).
      • We have a legitimate interest (to ensure the integrity and security of our systems).
      • You have given us your explicit (written) consent.
      • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
      Transferring or selling part of our business or re-organising our company structure.
      • We have a legitimate interest (to manage our business portfolio and reorganise our company).
      • We have a relevant legal or regulatory obligation.
      • You have given us your explicit (written) consent.

      Who will we share your personal information with?

      We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties.

      • Other QBE Group companies for our general administration purposes, marketing purposes in accordance with the preferences you have expressed or for the prevention and detection of fraud.
      • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
      • Third parties who assist in the administration of insurance policies or the handling of claims. These include loss adjusters, claims handlers, private investigators, accountants, auditors, banks, lawyers and other experts including medical experts.
      • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
      • Third parties who provide sanctions checking services.
      • Insurance industry bodies (including the 'RSR Database' kept by Datassur).
      • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
      • Our regulators including the National Bank of Belgium (NBB), the Belgian Financial Services and Markets Authority (FSMA), the UK Financial Conduct Authority, and the UK Prudential Regulation Authority.
      • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
      • Debt collection agencies.
      • Credit reference agencies.
      • Our third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
      • Third parties who undertake analysis for the purposes of product improvement.
      • Selected third parties in connection with any sale, transfer or disposal of our business. Government departments.

        • Third party claimants and third parties under commercial insurance policies

        If you make a claim against a third party who has an insurance policy with one of the insurers we reinsure, this section will be relevant to you and sets out our uses of your personal information.

        What personal information will we collect?

        • Your name, address, date of birth and gender.
        • Financial information such as your information obtained as a result of our credit checks such as bankruptcy orders, individual voluntary arrangements or county court judgments.
        • Information relating to your identity such as your social security number, passport number, vehicle registration number or driving licence number.
        • Information about your job such as job title, employment history and employment records (including information on your salary, benefits and earnings), education history and professional accreditations..
        • Information relating to previous insurance policies you have held and claims you have made.
        • Information relevant to your claim or your involvement in the matter giving rise to a claim. For example, if you make a claim following a road traffic accident, we may use personal information relating to your vehicle and named drivers..
        • Information relating to your previous claims.
        • Information which we obtain as part of checking sanctions lists.
        • Information we have obtained from insurance industry databases such as the 'RSR Database' kept by Datassur.
        • Information which we have gathered from publically available sources such as Crossroads Bank of Legal Entities and Government websites.

        What sensitive personal information will we collect?

        • Details about your criminal convictions and any related information. This will include information relating to any offences or alleged offences you have committed and any caution, court sentence, or criminal sentence which you are or have been subject to
        • Details about your physical and mental health which are relevant to your claim (e.g. because you have been injured whilst at a property insured by us). This may take the form of medical reports or underlying medical data such as x-rays or blood tests.
        • We may also collect other sensitive personal information, in limited circumstances, where relevant to a claim.

        How will we collect your personal information?

        We will collect information from:

        • Third parties involved in the insurance policy or claim (such as our business partners and representatives, brokers, sub-brokers, other insurers).
        • Other third parties who provide a service in relation to your claim such as loss adjusters, claims handlers, solicitors and professional experts (including medical experts), healthcare and rehabilitation providers and other service providers.
        • Other companies within the QBE Group.
        • Insurance industry and other fraud prevention and detection databases and sanctions screening tools such as Absolute, Validus, HMT Sanctions and contracted vendor data wash tools.
        • Insurance industry databases such as the 'RSR Database' kept by Datassur.
        • The police where they have provided us with information and other law enforcement agencies.
        • Government agencies such as the Vehicle Registration Service (DIV) and the tax administrations.
        • Professional regulators

        What will we use your personal information for?

        We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

        • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records.
        • We need to use your personal information for a legitimate interest (e.g. to properly investigate incidents which are the subject of a claim, to keep business and accounting records, manage our business operations and to develop and improve our products and services, to draw up statistics). When using your personal information for these purposes, we will always consider your rights and interests.

          • When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":

          • We need to use such sensitive personal information to establish, exercise or defend legal rights or to manage disputes. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or we are considering the claim that has been made against our policyholder.
          • You have provided your explicit (written) consent to our use of your personal information. In some circumstances, we may need your consent to process sensitive personal information (e.g. health information). Without it, we may be unable to handle your claims. We will always explain why your consent is necessary.
        Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information
        Prevention and detection of and investigating and prosecuting fraud and sanctions checking. This might include sharing your personal information with third parties such as the police, and other insurance and financial services providers and insurance industry databases.
        • We have a legitimate interest (to prevent, detect and prosecute fraud and other financial crime).
        • We have a relevant legal or regulatory obligation.
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
        • You have given us your explicit (written) consent.
        Complying with our legal or regulatory obligations.
        • We have a relevant legal or regulatory obligation.
        • You have given us your explicit (written) consent.
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
        Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice). For business processes and activities including analysis, review, planning and business transaction.
        • We have a legitimate interest (to effectively manage our business operations, to draw up statistics).
        • We have a relevant legal or regulatory obligation.
        • You have given us your explicit (written) consent.
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
        Tracing and recovering debt.
        • We have a legitimate interest (to trace and recover debt that it is owed to us).
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
        To apply for and claim on our own insurance.
        • We have a legitimate interest (to ensure that we have appropriate reinsurance in place).
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes..
        • You have given us your explicit (written) consent.
        Investigating or detecting the unauthorised use of our systems, to secure our systems and to ensure the effective operation of our systems).
        • We have a legitimate interest (to ensure the integrity and security of our systems).
        • You have given us your explicit (written) consent.
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
        Transferring or selling part of our business or re-organising our company structure.
        • We have a legitimate interest (to manage our business portfolio and reorganise our company).
        • We have a relevant legal or regulatory obligation.

        Who will we share your personal information with?

        We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties.

        • Other QBE Group companies for our general administration purposes, marketing purposes in accordance with the preferences you have expressed or for the prevention and detection of fraud.
        • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
        • Third parties who assist in the administration of your claim such as loss adjusters, claims handlers, private investigators, accountants, auditors, banks, lawyers and other experts including medical experts.
        • Other insurers (e.g. where another insurer is also involved in a claim that you are making).
        • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
        • Third parties who provide sanctions checking services.
        • Insurance industry bodies.
        • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
        • Investigative firms we ask to look into claims on our behalf in relation to suspected fraud.
        • HOur regulators including the National Bank of Belgium (NBB), the Belgian Financial Services and Markets Authority, the UK Financial Conduct Authority and the UK Prudential Regulation Authority.
        • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime..
        • Our third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
        • Selected third parties in connection with any sale, transfer or disposal of our business.
        • Government departments

        Witnesses to an incident or other individuals who provide us with information in relation to an incident

        If you are a witness to an incident or an individual who otherwise provides a broker or insurer that we reinsure with information in relation to an incident which is the subject of a claim, this section will be relevant to you and sets out our uses of your personal information.

        What personal information will we collect?

        • Your name, address, date of birth and gender.
        • Information relevant to the incident that you have witnessed.

        What sensitive personal information will we collect?

        We do not routinely process sensitive personal information of witnesses. However, we may do so if it is relevant to the incident that you have witnessed (for example, if you have a health condition which may affect your witness statement).

        How will we collect your information?

        We will collect information from:

        • Third parties involved in the incident you witnessed (such as brokers, sub-brokers, other insurers).
        • Other third parties who provide a service in relation to the claim which relates to the incident you witnessed such as loss adjusters, claims handlers, and experts (including medical experts), healthcare and rehabilitation providers and other service providers.
        • Other companies within the QBE Group

        What will we use your personal information for?

        We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

        • We have a legal or regulatory obligation to use such personal information. For example, our regulators require us to hold certain records of our dealings with you. .
        • We need to use your personal information for a legitimate interest (e.g. to properly investigate incidents which are the subject of a claim, to keep business and accounting records, managing our business operations and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests. .

        When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal ground when we process your "sensitive personal information":

        • You have provided your explicit (written) consent to our use of your sensitive personal information.
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes
        Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information
        Handling and paying claims to an insurer.
        • We have a legitimate interest (to assess and pay claims and handle the claims process).
        • WWe have a relevant legal or regulatory obligation.
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
        • You have given us your explicit (written) consent.
        Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice). For business processes and activities including analysis, review, planning and business transactions.
        • We have a legitimate interest (to effectively manage our business operations).
        • We have a relevant legal or regulatory obligation.
        • You have given us your explicit (written) consent.
        Complying with our legal or regulatory obligations..
        • We have a relevant legal or regulatory obligation.
        • You have given us your explicit (written) consent.
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
        Prevention and detection of and investigating and fraud. This might include sharing your personal information with third parties such as the police, and other insurance and financial services providers and insurance industry databases.
        • We have a legitimate interest (to prevent and detect fraud and other financial crime).
        • We have a relevant legal or regulatory obligation.
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.
        • You have given us your explicit (written) consent.
        Investigating or detecting the unauthorised use of our systems, to secure our system and to ensure the effective operation of our systems).
        • We have a legitimate interest (to ensure the integrity and security of our systems).
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes
        • You have given us your explicit (written) consent
        Transferring or selling part of our business or re-organising our company structure.
        • We have a legitimate interest (to manage our business portfolio and reorganise our company).
        • We have a relevant legal or regulatory obligation.
        • You have given us your explicit (written) consent.

        Who will we share your personal information with?

        We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties:

        • Other QBE Group companies for our general administration purposes or for the prevention and detection of fraud.
        • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors.
        • Third parties who assist in the administration of the insurance policy or claim. These include loss adjusters, claims handlers, private investigators, accountants, auditors, banks, lawyers and other experts including medical experts.
        • Other insurers (e.g. where another insurer is also involved in the claim which relates to the incident you witnessed).
        • Other insurers who provide our own insurance (reinsurers) and companies who arrange such reinsurance.
        • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
        • Investigative firms we ask to look into claims on our behalf in relation to suspected fraud.
        • Our regulators including the National Bank of Belgium (NBB), the Belgian Financial Services and Markets Authority, the UK Financial Conduct Authority, and the UK Prudential Regulation Authority..
        • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
        • Our third party service providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, document management providers, outsourced business process management providers, our subcontractors and tax advisers..
        • Selected third parties in connection with any sale, transfer or disposal of our business.

        Insurers, brokers, sub-brokers appointed representatives and other business partners, such as lawyers and claims handlers

        If you are an insurer, broker or sub-broker doing business with us, an appointed representative or other business partner such as a lawyer or claims handler, this section will be relevant to you and sets out our uses of your personal information.

        What personal information will we collect?

        • Your name, address, date of birth and gender.
        • Contact information, including previous contact information, such as your telephone numbers and email addresses.
        • Information about your job such as job title and previous roles.
        • Information which we obtain as part of checking sanctions lists.
        • Information which we have gathered from publically available sources such as Crossroads Bank of Legal Entities and Government websites

        What sensitive personal information will we collect?

        • Information relating to your criminal convictions (including offences and alleged offences and any court sentence or unspent criminal convictions).

        How will we collect your information?

        As well as obtaining information directly from you, we will collect information from:

        • Other QBE Group companies.
        • Publically available sources such as Crossroads Bank of Legal Entities and Government websites.
        • From service providers who carry out sanctions checks.

        What will we use your personal information for?

        We may use your personal information for a number of different purposes.  In each case, we must have a "legal ground" to do so. We will rely on the following “legal grounds”, when we process your "personal information":

        • We need to use your personal information to enter into or perform the contract that we hold with you. For example, we may need certain information in order to operate our business partnership arrangement.
        • We have a legal or regulatory obligation to use such personal information. For example, we may be required to carry out certain background checks, to the extent permitted under applicable law.
        • We need to use your personal information for a legitimate interest (e.g. to keep business and accounting records, manage our business operations and to improve quality, training and security). When using your personal information for these purposes, we will always consider your rights and interests.

        When the information that we process is classed as “sensitive personal information", we must have an additional “legal ground". We will rely on the following legal grounds when we process your "sensitive personal information":

        • We need to use your sensitive personal information to establish, exercise or defend legal rights or to manage disputes. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves.
        Purpose for processing Legal grounds for using your personal information Legal grounds for using your sensitive personal information

        Managing our business operations such as maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g. tax or legal advice).For business processes and activities including analysis, review, planning and business transaction.
        • We have a legitimate interest (to effectively manage our business operations)..
        • We have a relevant legal or regulatory obligation.
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes..

        To provide key business services
        • We have a legitimate interest (to effectively provide reinsurance services and rely on the expertise of other third parties to assist)
        • Not applicable.

        To build and maintain our business relationships
        • We have a legitimate interest (to build strong business relationships and manage such relationships).
        • Not applicable.

        To communicate with you and provide you with marketing communications. Complying with our legal or regulatory obligations
        • We have a legitimate interst (to operate and develop out business).
        • We need to use your information in order to comply with our legal obligations.
        • Not applicable.
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.

        Communicating with you to manage and handle your queries..
        • We have a legitimate interest (to send you communications to effectively manage our business and respond to your queries).
        • • It is necessary to enter into or perform our contract with you.

        Not applicable.

        Investigating or detecting the unauthorised use of our systems, to secure our systems and to ensure the effective operation of our systems)..
        • We have a legitimate interest (to ensure the integrity and security of our systems).
        • We need to use your information in order to establish, exercise or defend legal rights or to manage disputes.

        Transferring or selling part of our business or re-organising our company structure.

        • We have a legitimate interest (to manage our business portfolio and reorganise our company).
        • We have a relevant legal or regulatory obligation.
        • Not applicable.

        Who will we share your personal information with?

        We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with the following parties:

        • Other QBE Group companies for our general administration purposes, marketing purposes in accordance with the preferences you have expressed or for the prevention and detection of fraud.
        • Our insurance partners such as brokers, sub-brokers, reinsurers or other companies who act as insurance distributors
        • Other insurers.
        • Third parties who provide sanctions checking services.
        • Fraud detection agencies and other third parties who operate and maintain fraud detection registers.
        • Our regulators including the National Bank of Belgium (NBB), the Belgian Financial Services and Markets Authority the UK Financial Conduct Authority, and the UK Prudential Regulation Authority.
        • The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
        • Our third party service providers such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, our subcontractors and tax advisers.
        • Selected third parties in connection with any sale, transfer or disposal of our business.

        Users of the QBE websites

        If you are a user of the QBE websites, this section will be relevant to you and sets out our uses of your personal information.

        What personal information will we collect?

        • General information submitted via the website, for example where you provide your details via the contact us section such as your name, contact details (telephone numbers and email addresses) and company name.
        • Information obtained through our use of cookies. You can find more information about this in section 9.

        How will we collect your personal information?

        We will collect your information directly from our website.

        What will we use your personal information for?

        We may use your personal information for a number of different purposes. In each case, we must have a "legal ground" to do so. We will rely on the following “legal ground”, when we process your "personal information":

        • We need to use your personal information for a legitimate interest (e.g. to monitor the number of visitors and usage of our website, to follow up on enquiries and to provide marketing information to you). When using your personal information for these purposes, we will always consider your rights and interests.

        Who will we share your personal information with?

        We will keep your personal information confidential and we will only share it where necessary for the purposes set out above with our QBE Group companies.

We only send marketing communications to our business contacts such as brokers, subbrokers, appointed representatives and other business partners. We will send marketing communications via post, email, telephone and social media. You can opt-out of marketing communications at any time by contacting us using the details set out in section 10 below.

How long do we keep your personal information for?

We will keep your personal information for as long as reasonably necessary to fulfil the purposes set out in section 2 above and to comply with our legal and regulatory obligations.

We have a detailed retention policy in place which governs how long we will hold different types of information for. The exact time period will depend on your relationship with us, the type of personal information we hold and the type of reinsurance, for example:

  • If we have a business relationship with you, we will retain your details for the lifetime of such relationship and for 7 years after.

If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details set out in section 10.

Sometimes we (or third parties acting on our behalf) will transfer personal information that we collect about you to countries outside of the European Economic Area ("EEA").

Where a transfer occurs we will take steps to ensure that your personal information is protected. We will do this using a number of different methods including:

  • putting in place appropriate contracts. We will use a set of contract wording known as the "Standard Contractual Clauses" which has been approved by the data protection authorities. You can find out more about the Standard Contractual Clauses here.
  • transferring personal information only to countries which have been deemed by European data protection authorities to have adequate levels of data protection. You can find out more about this here.

Depending on our relationship and your particular circumstances, we might transfer personal information anywhere in the world. A summary of our regular data transfers outside the EEA is set out below:

Country of transfer Reason for the transfer Method we use to protect your information

Australia

Reporting to our parent company

Standard Contractual Clauses

Philippines

Some of our back-office functions are provided by our Group Shared Services Centre in the Philippines

Standard Contractual Clauses

USA

Our email system is provided through a hosted service with servers located in the USA.

Standard Contractual Clauses

India

Some of our third party IT adequacy-protection-personal-data-non-eu-countries_entechnology suppliers providedsome of their services from India.

Standard Contractual Clauses

If you would like further information regarding our data transfers and the steps we take to safeguard your personal information, please contact us using the details set out in section 10.

We have a package of technical and organisational measures in place to protect your personal information which have been adopted to comply with the latest data protection requirements. The measures cover various aspects of data security including the following:

  • Encryption, data masking and activity logging as appropriate
  • Putting in place access controls and maintaining access logs
  • Having minimum password requirements and requiring regular changes to passwords
  • Having physical access controls to our offices
  • Implementing procedures for security incident management and back-up and recovery and having in place disaster recovery and business continuity plans
  • Use of firewalls and up-to-date virus scanning software and email filtering services
  • Providing regular security and privacy/data protection training for all our employees
  • Keeping a list of the categories of persons having access to sensitive personal information, including a detailed description of their capacity with respect to the information
  • Ensuring that persons having access to sensitive personal information are bound by a contractual, statutory or equivalent confidentiality obligation

Our security measures are kept under periodic review and are regularly updated to reflect developments in technology and security and changes to our business. However, please be aware that there are inherent security risks in transmitting data, such as e-mails or via the Internet, because it is impossible to safeguard completely against unauthorised access by third parties.

What is profiling?

Profiling is any form of automated processing of personal information to evaluate certain personal aspects. Insurance underwriting, and sometimes claims payment, is based on profiling as it assesses the event that you are seeking to insure and the likelihood of that event occurring. We use profiling as part of:

  • Assessing reinsurance applications. We will compare the information against industry averages and our previous experience. We will use the outcome of that profiling to decide whether or not to offer reinsurance and the premium price.
  • Preventing and detecting insurance fraud. We use systems to help us recognise likely indications of (re)insurance fraud. This might result in a claim being passed to our fraud team for further investigation.

We keep our profiling process under regular review and, in most cases, an individual will then make a decision based on the outcome of that profiling.

What is automated decision making?

Automated decision making refers to a situation where a decision is taken using personal information that is processed solely by automatic means (i.e. using an algorithm or other computer software) rather than a decision that is made with some form of human involvement.


Automated decision making is widely used in the (re)insurance industry to offer and administer reinsurance efficiently and accurately. Where an automated decision produces a legal or other similarly significant effect concerning you, we will only carry out automated decision making using your personal information where it is necessary for the purposes of entering into or performing a contract with you (e.g. to assess the insurance application). In all other cases, we will ask for your consent in advance.


We use a proprietary system called LifeQube to assess risk and calculate premium and to determine whether or not we will reinsure a particular risk in relation to certain life policies. This is based on medical information which you provide to your insurer and which they input into the system through a series of questionnaires (e.g. your BMI and whether you are a smoker). The answers to those questionnaires will trigger an automated decision that can be Accept, Accept but with a higher premium, Decline or Request to fill in another questionnaire (e.g. specific questions about the heart, diabetes, etc.). For example, whether you are a smoker or have heart disease may impact the rate we charge to your insurer (and therefore the premium which you pay) as well as whether or not we decide to reinsure the policy. Your insurer may still decide to underwrite the policy with you or to obtain reinsurance from another provider. You should check with your insurer if any automated decision making has been part of the decision on whether or not to underwrite the policy or in setting the premium.


Please see section 8 for the rights that arise when we carry out automated decision making including profiling. If you object to a decision based solely on automated processing, you should contact your insurer and have the right to obtain human intervention on the part of the insurer, to express your point of view and to contest the decision.

Under data protection law you have a number of rights in relation to the personal information that we hold about you which we set out below. These rights might not apply in every circumstance. You can exercise your rights by contacting us at any time using the details set out in section 10. We will not usually charge you in relation to a request.
Please note that although we take your rights seriously, there may be some circumstances where we cannot comply with your request such as where complying with it would mean that we couldn't comply with our own legal or regulatory obligations. In these instances we will let you know why we cannot comply with your request.
In some circumstances, complying with your request may result in the termination of the relationship. We will inform you of this at the time you make a request.

The right to access your personal information

You are entitled to a copy of the personal information we hold about you and certain details about how we use it.
We will usually provide your personal information to you in writing unless you request otherwise. Such request will usually be without charge. Where your request has been made electronically (e.g. by email), a copy of your personal information will be provided to you by electronic means where possible.

The right to rectification

We always take care to ensure that the information we hold about you is accurate and where necessary up to date. If you believe that there are any inaccuracies, discrepancies or gaps in the information we hold about you, you can contact us and ask us to update or amend it.

The right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.

The right to withdraw your consent

Where we rely on your consent in order to process your personal information, you have the right to withdraw such consent to further use of your personal information.
Please note that for some purposes, we need your consent. If you withdraw your consent, we may no longer be able to perform our obligations. We will advise you of this at the point you seek to withdraw your consent.

The right to erasure

This is sometimes known as the 'right to be forgotten'. It entitles you, in certain circumstances, toprequest deletion of your personal information. For example, where we no longer need Yourpersonal information for the original purpose we collected it for or where you have exercised your right to withdraw consent.
Whilst we will assess every request, there are other factors that will need to be taken into consideration. For example we may be unable to erase your information as you have requested because we have a legal or regulatory obligation to keep it.

The right to object

In certain cases, you have the right to object to our processing. This arises in relation to:
Marketing: You have control over the extent to which we market to you and you have the right to request that we stop sending you marketing messages at any time. You can do this either by clicking on the "unsubscribe" button in any email that we send to you or by contacting us using the details set out in section 1010. Please note that even if you exercise this right because you do not want to receive marketing messages, we may still send you service related communications where necessary.
Processing based on our legitimate interest: Where we process your personal information on the basis of a legitimate interest, you can object to such processing, unless our purpose outweighs any prejudice to your privacy rights.

The right to data portability

In certain circumstances, you can request that we transfer personal information that you have provided to us directly to a third party.

Rights relating to automated decision-making including profiling

Where an automated decision or profiling produces a legal or other similarly significant effect concerning you (for example, where your policy or claim is rejected), you have the right to ask us to reconsider a decision taken by automated means or profiling or to take a new decision on a different basis (e.g. by introducing some form of human involvement).

The right to make a complaint

You have a right to complain to the local regulator – where you are resident. You also have the right to complain to either the Belgian Data Protection Authority (previously known as the Privacy Commission) or the UK Information Commissioner's Office (ICO) if you believe that we have breached data protection laws when using your personal information.
You can visit the Belgian Data Protection Authority's website at http://www.dataprotectionauthority.be and/or ICO's website at https://ico.org.uk/ for more information. Please note that lodging a complaint will not affect any other legal rights or remedies that you have.

If you would like further information about any of the matters in this notice or if have any other questions about how we collect, store or use your personal information, you may contact our data protection officer by emailing dpo@uk.qbe.com or writing to:

The Data Protection Officer
QBE Re (Europe) Limited
Plantation Place
30 Fenchurch Street
London EC3M 3BD
United Kingdom

From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. We will provide you with the most up-todate notice and you can check our website https://qbere.com periodically to view it. This notice was last updated on 5th January 2021.