This Privacy and Data Protection Policy is effective December 10, 2018.
TRANSATLANTIC HOLDINGS, INC.
GLOBAL INSURANCE AND REINSURANCE PRIVACY & DATA PROTECTION POLICY
1. What We Do
Transatlantic Holdings, Inc., its subsidiaries, branches and affiliates (collectively referred to as “TransRe”), recognize the importance of effective and meaningful privacy protections when it collects, uses, and discloses Personal Information.
We are in the business of providing reinsurance to insurance companies. Certain of our subsidiaries provide insurance to companies and individuals. In providing reinsurance services to meet the needs of our business partners, we collect information from them about their insureds to both underwrite reinsurance policies and to settle related claims. We work extensively with reinsurance brokers whose role is to help connect insurance companies with reinsurers for added reinsurance coverage to meet their insurance needs.
If you are a policyholder of Calpe Insurance Company Limited (“Calpe”), or are insured under, or have made a claim in connection with, a policy issued by Calpe, you can find a summary of Calpe’s use of information below in the addendum.
If you are a policyholder of Fair American Insurance and Reinsurance Company (“FAIRCO”) and Fair American Select Insurance Company (“FASIC”), you can find a summary of each company’s use of information below in the addendum.
As part of our business model, we make an ongoing effort to safeguard and protect nonpublic information whether it is nonpublic information, personally identifiable information, personal health information or confidential business information. The information of our business partners and employees is very important to us, we do not sell confidential business or personally identifiable information. We only use, disclose, or share personal or confidential business information for business purposes as described in this policy. This policy applies to all TransRe business entities, brands and operations globally, including joint ventures and partnerships, to TransRe.com, and to TransRe subsidiary websites.
2. What Data We Collect
We collect information when a business partner applies for a reinsurance policy. This generally includes company name, address and other relevant underwriting application information that is provided to us. Application and related claim information is used to evaluate underwriting risk, to formulate policy and pricing terms, and to assist in claims handling.
Some of the information collected may, from time to time, depending on the business requirements, fall into what is deemed “Personal Information” (“PI”) or “Nonpublic Information” (“NI”) which is data that identifies or has the potential to directly or indirectly identify a person taken alone or in combination with other information. Such data may include an individual’s name, address, Social Security or other government issued identification number, e-mail address, date of birth, or financial account numbers. We also safeguard confidential business information that is provided to us by our business partners such as insurance companies and insurance brokers as to their own insurance business practices and related losses when pertinent. At the end of the underwriting application process we are required by our regulators to also retain applicant information for five (5) years even if the application is denied.
In working with our (re)insureds in the underwriting process, we may collect information about them and/or their business(es) relevant to policy requirements and coverage, risks associated with it and such things as pricing, claim history, and license status. We may also ask for information concerning past claims by patients, clients or licensing bodies. In the event of a claim or anticipated claim, we collect related claim information to help evaluate and complete the claims process. This may include information as to the nature of the claim, the parties involved, and documentation to support the underlying claim.
In some instances, claim information may be medical or health-related information, also referred to as Protected Health Information (“PHI”), which is regulated and protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). As such, whether it is PHI claim information or Nonpublic Information (“NI”) or Personally Identifiable Information (“PII”), it is information that may be regulated and protected by Health Insurance Portability and Accountability Act (“HIPAA”), the New York Department of Financial Services (“NY DFS”), the Fair Credit Reporting Act (“FCRA”) or other Global or U.S. Privacy and Information Security Laws.
TransRe may use PI or NI in a variety of ways, including:
- Administrative Purposes. TransRe may use PI or NI for its administrative purposes, including, without limitation, to: (a) perform internal quality control; (b) verify identity; (c) send communications regarding our website, programs or services, customer accounts, or any changes to any policy or terms of service; (d) process payments; (e) prevent potentially prohibited or illegal activities; and (f) enforce our website’s Terms & Conditions.
- Marketing Products and Services. TransRe may use PI to provide materials about offers, products and services offered by us, including new content or services on TransRe’s Websites. TransRe may provide these materials by phone, postal mail, facsimile or email, as permitted by applicable law. To opt out of the use of PI for such purposes, please contact TransRe as further described below.
- Research and Development. TransRe may use PI to create non-identifiable information that we may use alone or in the aggregate with information obtained from other sources, in order to help us to optimally deliver our existing products and services or develop new products, processes and services.
- Pseudonymous Data. TransRe may use and share anonymized or aggregated information within the TransRe group of companies or with third parties for public health, research, analytics and any other legally permissible purposes.
- Other Uses. TransRe may use PI or NI for other purposes disclosed at the time PI or NI is provided to TransRe or with consent.
More information about how TransRe, and other companies involved with the provision of (re)insurance, may process information is included in the London Market Core Uses Information Notice available at https://www.londonmarketgroup.co.uk/gdpr. The London Market Notice was purposely developed to assist policyholders in understanding how insurance companies, brokers, market participants and others involved in providing you with insurance and settling your claims may market, collect, process and use your personal information.
3. Website Specific Data
Cookies may be accepted or declined. While most Web browsers automatically accept cookies, browser settings can be modified to decline cookies. However, disabled cookies may limit functionality of some Website features. Cookies can be deleted from the hard drive at any time by clicking on the Privacy or History tab typically found on the Settings or Options menu in the internet browser. However, please also be advised that cookies may be necessary to provide access to much of the content and many of the features of TransRe’s Website.
Web beacons may also be used which are transparent pixel images that are used to collect information about Website usage, email response and tracking. A web beacon can collect information such as the Internet Protocol (“IP”) address of the computer that downloaded the page on which the tag appears; the URL of the page on which the beacon appears; the time the page containing the beacon was viewed; the browser type and language; the device type; geographic location; and the identification number of any cookie on the computer previously placed by that server.
Web Server Logs
Certain information is gathered automatically and stored in web server logs for various reasons including administering the site, analyzing trends and tracking usage. This information does not identify individual users. This information may include the following: Internet protocol (IP) address; type of browser, computer and operating system, browser plug-ins, height and width, Internet Service Provider (ISP), search engines, and keywords used to find our site; pages viewed within our site; city, state or country from which our site was accessed, Web pages linked to our site from, date and time of visit, pages viewed on our site and other clickstream data.
The Website is not directed to and will not knowingly collect Personal Information from children under the age of thirteen (13) without their parents’ consent.
4. Information from Third Party Sources
TransRe may collect information from Third-Party sources to supplement information that we collect. This supplemental information allows us to verify information that is provided to TransRe and to enhance our ability to provide you with information about our business, products and services. TransRe’s agreements with these Third Party-sources typically limit how TransRe may use this supplemental information.
5. Who Sees Your Data
TransRe application or other business information may be shared with business contacts such as program administrators, managing general agents, insurance brokers, actuaries, accountants, reinsurers and reinsurance brokers, application or IT services providers, and legal counsel to facilitate TransRe business objectives. Regulators may also view application or other business information in carrying out their regulatory or legal duties. Other information may be used for routine business activities, including evaluating and underwriting policies, auditing, establishing pricing and other underwriting criteria, evaluating, processing, paying or rejecting claims, and other purposes authorized by law.
We may also share personal information with other companies or individuals outside of TransRe for the following limited purposes: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of its users, or the public as required or permitted by law.
6. Information Security
TransRe uses information security policies that are designed to protect and secure the confidentiality and integrity of its business data whether it is nonpublic information, protected health information or confidential business information. And, although administrative, technical and physical safeguards are in place, important regulatory concerns surround the secure use of the Internet, unforeseen system vulnerabilities, social engineering risks and the possibility of third-party negligence or malfeasance. These added risks are why TransRe cannot guarantee that information will always remain absolutely confidential at all times or warrant the security of any information transmitted to TransRe, and Individuals do so at your own risk.
So as noted even though we take precautions to secure our business partner’s information and apply commercially reasonable and appropriate safeguards we cannot guarantee information cybersecurity. To the extent you or others in your company access information on TransRe systems through the use of a password, we ask that you keep your password confidential and secure because we cannot be responsible for acts resulting from the unauthorized use of your password or compromises to the security of your computers, networks or systems.
7. Data Collection Principle Based Practices
TransRe adheres to US and EU Data Protection principles as well as other applicable data protection regulations that apply to TransRe’s global business operations. We extend these practices to our business partner data collection procedures worldwide except where local requirements warrant modification or where adherence may be limited in order to comply with law enforcement, public, interest or national security. The following principles are part of TransRe’s privacy and information cyber security business practices:
Fair Use – We collect, use or disclose Personal Information by lawful, fair, open and transparent means in accordance with applicable laws in observation of the legal rights of individuals.
Choice – When Personal Information is collected by TransRe’s business partners and then transferred to TransRe we again rely on our business partners to have obtained the necessary consent. If TransRe is dealing directly with individuals for some reason in a separate legal relationship it provides sufficient information to allow the individual to make an informed decision and allows them to later withdraw their consent if not prohibited by other overriding legal requirements.
TransRe uses Personal Information in accordance with the purpose for which it was first collected and for ongoing related legitimate business purposes. TransRe obtains new explicit consent if the data is to be used for new or other purposes than those covered by the initial consent. In circumstances where we are directly collecting Sensitive Personal Information or Special Category Personal Data, we obtain explicit affirmative express consent by the Individual for use, retention, access, collection or sharing.
Integrity – TransRe takes reasonable steps to ensure that Personal Information collected, used or disclosed is accurate, up-to-date, complete, reliable and relevant to the purposes for which it is used or disclosed.
Limited Use – TransRe limits the collection of Personal Information to that which is relevant and purposeful to the reason collected. TransRe again only uses Personal Information in accordance with its original purpose and obtains prior explicit consent for new uses not covered by the relevant privacy notice.
Limited Retention – TransRe retains Personal Information for as long as reasonably required to serve TransRe’s legitimate business needs. Personal Information that is no longer needed for business purposes is deleted, destroyed or at times anonymized if retained.
Security – TransRe takes reasonable precautions designed to protect Personal Information under its control or in its possession against loss, theft, misuse, unauthorized access, disclosure, modification, alteration or destruction. These precautions include administrative, technical, physical and organizational measures appropriate to the risks and are designed to include such things as password protections, encryption and access control. (See 6. Information Security section above)
Third Parties – TransRe Personal Information that is accessed by, or shared with, third-parties, requires that third parties expressly contract in writing that they provide the same or similar data protection, confidentiality and security standards as TransRe.
Training and Compliance – TransRe provides training to employees on how to appropriately collect, use or access Personal Information. Employee training and education is provided on an ongoing basis to ensure employees regularly learn how to use and secure Personal Information. Amendments to this Policy will be effective when published to employees on TransRe’s PolicyHub policy management portal or to the TransRe website.
8. Transfer of Information to the United States
9. California Privacy Rights
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the Third Parties to whom we have disclosed their Personal Information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of Personal Information disclosed to those parties.
10. Do Not Track
Do Not Track (“DNT”) is a privacy preference setting that users can enable in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please be advised that TransRe does not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
11. Links to Third Party Websites and Other Company’s Privacy Policies
13. Redress/Compliance and Accountability
Chief Privacy Officer
Transatlantic Reinsurance Company
One Liberty Plaza
165 Broadway, 16th Floor
New York, NY 10006
France Privacy Data Protection Policy Addendum
In addition to the rights described in the Policy, you may also have the following right against TransRe with regard to your Personal Information:
- Right to give instructions concerning the use of your Personal Information after your death.
Calpe Insurance Company Privacy Data Protection Policy Addendum
What We Do
Calpe Insurance Company Limited (“Calpe”), is a wholly owned subsidiary of Transatlantic Reinsurance Company (“TransRe”) engaged in the business of providing insurance coverage through Co-Insurers or Managing General Agents (“MGAs”).
Calpe as a subsidiary of TransRe is included in the scope of the Transatlantic Holdings Inc. Global Insurance and Reinsurance Privacy & Data Protection Policy.
What Data We and Others Collect
Calpe’s Co-Insurers, MGAs and/or their agents are the preliminary point of contact for issuing a Calpe insurance policy and managing any claims under a policy and are the initial data controller with respect to any information collected by them in order to do so. You can contact their data protection officer to advise you on the other insurance market related participants with whom they have shared or may share your personal information.
Calpe will collect and use information about you, such as your name and contact details, as well as more sensitive information (for example about your health) for the following purposes: (i) onboarding you as a client (including internal compliance, anti-money laundering and fraud checks); (ii) evaluating risks and matching them to appropriate insurance cover (including risk modelling and profiling on a non-attributed aggregated basis against similar information provided by other clients); (iii) general client care and administrative purposes; (iv) receiving and recovering payments due to Calpe; (v) assisting in the management of claims; (vi) internal records keeping and building databases for use by Calpe, its co-insurers and MGAs; and (vii) in connection with a sale or reorganisation of our business. Although at present, Calpe does not use your information for marketing purposes it may as permitted under the law.
Calpe does not sell your information to third parties or share it with any third parties for any other purpose than business purposes. Calpe may pass your information to third parties such as reinsurers, claims and loss adjusters, our affiliates and to certain regulatory bodies who may require your information themselves for the purposes referred to above. Calpe may also pass your information to third party agents who handle it on our behalf. These third parties are subject to obligations to protect your information but may be located in countries that have less robust data protection laws than those of your country.
Use of personal data you must consent to: Calpe may need to collect information about you that is sensitive (for example, information about your health or any criminal convictions). Where this is required, your consent to this processing is necessary for Calpe to provide you with the relevant services. Although you may withdraw your consent at any time, if you do, Calpe may be unable to continue to provide services to you, and this may mean that Calpe is unable to process your inquiry or claim or that your insurance coverage will stop.
For more detail about how Calpe processes and other companies involved in the provision of your insurance or the processing of a claim may use your information and how you may exercise your rights in respect of that information, please refer to the LMA Insurance Market Personal Data Uses Notice described in the Transatlantic Holdings Inc. Global Insurance and Reinsurance Privacy & Data Protection Policy or email Privacy@TransRe.com.
c. Redress/Compliance and Accountability
Chief Privacy Officer
Transatlantic Reinsurance Company
One Liberty Plaza
165 Broadway, 16th Floor
New York, NY 10006
If, after contacting your agent or us, you are not satisfied with the explanation of the use of your personal data or the response you receive to any request by you to exercise any of your rights, or if you think the GDPR may have been breached, then you have the right to complain to the Information Commissioner’s Office in the UK or the Data Protection Commissioner in Ireland.
Please see below for contact details of the ICO and the Data Protection Commissioner.
Fair American Insurance and Reinsurance Company & Fair American Select Insurance Company Data Protection Policy Addendum
What We Do
Fair American Insurance and Reinsurance Company (“FAIRCO”) and Fair American Select Insurance Company (“FASIC”) are wholly owned subsidiaries of Transatlantic Reinsurance Company (“TransRe”) engaged in the business of providing insurance.
FAIRCO and FASIC are both subsidiaries of TransRe and included in the scope of the Transatlantic Holdings Inc. Global Insurance and Reinsurance Privacy & Data Protection Policy.
What Data Do We Collect?
We collect information when an insured applies for a policy, including name, address and other relevant application information that the applicant voluntarily provides to us. Application and claim information is used to evaluate underwriting risk, to formulate policy terms, and to assist in claims handling. In addition, we may collect information about payment history and methods, billing, accounting, and other similar information. Some of this information may be what is deemed Personal Information or Protected Health Information
Information collected in connection with being an insured includes information about the type of business in which the insured is involved relevant to the policy and coverage, including information about such things as training, credentials, work history, and license status. In some instances a credit check may be conducted on the applicant’s credit history. We may also ask for information concerning past claims by patients, clients or licensing bodies. In the event of a claim or anticipated claim, we collect related claim information to help evaluate and complete the claims process. This may include information as to the nature of the claim, the parties involved, and documentation that supports the underlying claim.
Sometimes the claims information will be medical or health related, also referred to as Protected Health Information (“PHI”), which is regulated and protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). As such, whether it is PHI claim information or Nonpublic Information (“NI”) or Personally Identifiable Information (“PII”), it is information that may be regulated and protected by HIPAA, the Gramm-Leach-Bliley Act (“GLBA”), the New York Department of Financial Services (“NY DFS”),Cybersecurity Regulation, the Fair Credit Reporting Act (“FCRA) or other U.S. related Privacy and Information Security Laws and which we only share with entities that agree to protect the privacy and security of such data as required by law.
How We Use This Data
Application or other business information may be shared with business contacts such as program administrators, managing general agents, insurance brokers, actuaries, accountants, reinsurers and reinsurance brokers and legal counsel to facilitate FAIRCO’s or FASIC’s business objectives. Regulators may also view application or other business information in carrying out their regulatory responsibilities. Other information may be used in furtherance of FAIRCO’s or FASIC’s routine business activities, including evaluating and underwriting policies, auditing, establishing pricing and other underwriting criteria, evaluating, processing, paying or rejecting claims, and other purposes authorized by law.
How You Can Contact Us
If you have any questions or concerns about this Privacy Data Protection Policy, please email us at firstname.lastname@example.org or by contacting the person listed below.
Chief Privacy Officer
Fair American Insurance and Reinsurance Company
Fair American Select Insurance Company
One Liberty Plaza
165 Broadway, 16th Floor
New York, NY 10006