Last Updated July 2023
1. SCOPE
The Hartford (“we, us, our”) values your trust and is committed to the responsible management, use and protection of personal information. The Hartford includes Hartford Fire Insurance Company, Hartford Management (UK) Ltd., Navigators Holdings (UK) Ltd., Hartford Underwriting Agency Ltd., Navigators Underwriting Ltd., Navigators Insurance Company – U.K. Branch, Hartford Asia Limited, Hartford Corporate Underwriters Limited, Millennium Underwriting Limited and other entities of the group. This Privacy Notice will explain how we collect and use Personal Data (as defined below) about you when you use the Consumer Services, in accordance with the UK Data Protection Act of 2018, European Union ("EU") General Data Protection Regulation ("GDPR"), Swiss Data Protection Law, where applicable, and other applicable EU or member state national data protection laws (together "Data Protection Laws").
This international customer and third party privacy notice (“Privacy Notice”) is applicable to the information collected from or about you: in your interactions with us in relation to inquiries, applications, as our insured or customer, or as a claimant or beneficiary pursuant to one of our policies or services (we will refer to these interactions collectively as the “Consumer Services” throughout this Privacy Notice).
This Privacy Notice supplements, but does not replace other applicable policies, practices and privacy notices that may relate to specific business relationships you have with The Hartford or to certain products or services, as described in the applicable privacy notice. In the event of a conflict between this Privacy Notice and a privacy notice for a specific product or service, the specific product or service privacy notice shall govern.
We may update this Privacy Notice at any time and any revisions will be posted on the company website, here: The Hartford Privacy Policies.
INDEX
- Scope
- Personal Data We Collect, Including Special Categories
- How We Collect Your Data
- Purpose and Legal Basis for Processing Your Personal Data
4.1 Processing
4.2 Marketing - Change of Purpose
- How We Secure Your Personal Data
- How We Share Your Personal Data
- Transferring Personal Data Outside the EU/EEA
- How Long We Retain Your Personal Data
- Data Accuracy and Your Duty to Inform Us of Changes
- Your Data Protection Rights
- Children’s Privacy
- Changes to Our Privacy Notice
- How to Contact Us
- Appendix – Data Protection Authorities
2. PERSONAL DATA WE COLLECT, INCLUDING SPECIAL CATEGORIES
We collect the following personal data, including, under certain circumstances, and where legally permitted, "special categories" of data (i.e., more sensitive personal information receiving a higher level of protection such as information about your health, including any medical condition, health, sickness records; genetic data; biometric data; and criminal conviction data, "Special Categories of Personal Data") (collectively, your “Personal Data”):
a. Individual Details: means: (i) personal contact and identifying information such as names, home addresses, email addresses, phone numbers, dates of birth, gender, family details and (ii) business contact details such as job title, email address, telephone number, and employment history
b. Identification Details: means identification numbers issued by government bodies or agencies, including: social security numbers, passport number, driver’s license number or national identification number;
c. Policy Information: means information that you provide in support of an application for insurance, quote or a policy purchased, such as automobile information (including vehicle identification number).
d. Financial Information: means bank account or payment card details, income or other financial information.
e. Claim History: means information in relation with previous and current claims (such as photographs relating to a claim and information related to legal proceedings) including data relating to your health or criminal convictions.
f. Credit and Fraud Data: means credit history, credit score, sanctions and criminal offences, information received from various antifraud databases relating to you.
g. Risks Details: means information about you which we need to collect in order to assess the risks to be insured and provide a quote. This may include data relating to your health and criminal convictions.
3. HOW WE COLLECT YOUR DATA
You directly provide The Hartford with most of the Personal Data we collect. We collect and process Personal Data when you:
a. Submit an application for insurance or request a quote for one of our products.
b. Submit a claim for insurance coverage.
c. Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
d. Participate in a promotion.
e. Contact us, such as for customer service purposes.
The Hartford may also receive your Personal Data indirectly from the following sources:
a. From your family member, employer, broker or representative.
b. In the event of a claim, third parties including: the other party to the claim (claimant, defendant), witnesses, experts (including medical experts), loss adjustors and claim handlers.
c. Affiliates, payment processors, service providers, and other third parties.
d. Background check provider or credit reference agency.
e. Information available in the public domain.
f. Other insurers, brokers and reinsurers.
g. Anti-fraud databases, sanctions lists, court judgments and other databases.
h. Government agencies.
i. Social media such as LinkedIn, Facebook and Twitter.
j. Third party marketing databases.
k. Analytics providers.
l. Search information providers.
4. PURPOSE AND LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
4.1. PROCESSING
Our processing activities in relation to customer and third party personal data vary, such as the categories of data that we collect and the legal grounds upon which we process your Personal Data. For ease of reference, this information is provided in a table format, which can be accessed in a downloadable PDF:
4.2. MARKETING
We may use your Personal Data to send you marketing communications about our insurance products or our related services. This may be in the form of email, printed material sent by post, text/SMS, or telephone. We will only ever do this in accordance with law, such as with your consent or if you are in a business relationship with us. You have the right to stop us marketing to you by opting out of such marketing when you receive electronic communications from us or by contacting our data protection officer.
Pursuant to the above, we may share your Personal Data with selected third parties, including:
- Manage our everyday business needs, such as for our internal account management, client reporting, contract management, business continuity and disaster recovery, corporate governance, reporting and legal compliance.
- Advertisers and advertising networks that need the information to help them choose and show adverts to you and others;
- Analytics and search engine providers that assist us in the improvement and optimization of our website; and
- Professional advisers and service providers involved in our marketing activities.
5. CHANGE OF PURPOSE
Unless otherwise permitted under law, we will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above disclosures, where this is required or permitted by law.
6. HOW WE SECURE YOUR PERSONAL DATA
The protection and security of your Personal Data is important to us. We employ reasonable physical, administrative, and technical safeguards to protect the Personal Data you provide to us and which is stored in our systems. We require service providers to take appropriate security measures to protect your Personal Data in line with our policies. We only permit service providers to process your Personal Data for specified purposes and in accordance with our instructions.
We have in place security measures to protect the security of your information and to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, service providers, agents, contractors and other third parties who have a business need to access your data. They will only process your Personal Data on our instructions or as required under applicable law, and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place procedures to respond to any suspected data security breach and will notify you and any applicable regulator of a breach of your Personal Data where we are legally required to do so.
7. HOW WE SHARE YOUR PERSONAL DATA
a. Disclosures between The Hartford affiliates
We may share your Personal Data within The Hartford for the reasons stated in the “Purpose and Legal Basis for Processing” section above. We may also share your Personal Data within The Hartford as part of our regular business and reporting activities, for system maintenance support, for hosting of data and for other legitimate business reasons, including data analysis, business development, forecasting, strategy assessment, resource planning, security, and general business operations.
b. Disclosures to Third Parties
We may have to share your Personal Data with third parties, including third party service providers. Third parties can include but are not limited to:
(i) financial service providers, such as independent agents, brokerage firms, insurance companies; (ii) marketing and promotion service providers; (iii) data analysis service providers; (iv) legal service providers; (v) accounting service providers; (vi) administrative service providers; (vii) security service providers; (viii) application service providers
The following are the types of activities carried out by Third parties:
i. claims management activities and administration;
ii. reinsurance
iii. insurance or benefits claims and notifications;
iv. hard copy archiving;
v. IT services including systems providers for meetings, communications (including telephone, messaging, and email), claims or other applications, document management, and security;
vi. Financial services, including agency, brokerage and insurance services;
vii. marketing services;
viii. data analytics;
ix. legal or accounting services
x. security services; and
xi. administrative services.
c. Other reasons why we may disclose your Personal Data to Third Parties
We may also disclose your Personal Data:
i. in order to comply with a legal or regulatory obligation, where such disclosure is required by a tax authority, or The Hartford’s regulators or supervisory authorities, the police or a court of competent jurisdiction;
ii. where it is necessary to administer the contract and business relationship with or for you, including for example with agents and brokerage firms, insurance companies, and administrators;
iii. for the purposes of auditing, insuring and in the course of seeking advice with regards to our business operations and claims handling.
8. TRANSFERRING PERSONAL DATA OUTSIDE THE EU/EEA
Personal Data that we collect about you may be transferred to, and stored at, one or more countries outside the EU/ European Economic Area ("EEA"). It may also be processed by staff operating outside the EU/EEA who work for The Hartford or for our service providers. In such cases, we will take appropriate steps to ensure an appropriate level of data protection in the country of the recipient as required under Data Protection Laws, and as described in this Privacy Notice, or as otherwise permitted under applicable law.
If you are dissatisfied with any aspect of our handling of your Personal Data, you have the right to make a complaint at any time to a data protection authority; the Data Protection Supervisory Authorities contact information is listed in Appendix 1.
You can contact us for more information regarding the safeguards which we have put in place to protect your Personal Data and privacy rights at consumerprivacyinquiriesmailbox@thehartford.com.
9. HOW LONG WE RETAIN YOUR PERSONAL DATA
We retain your Personal Data pursuant to our records management policy. Our records management policy has been designed to ensure that we maintain Personal Data for that period of time necessary for the purposes for which we collected the data, and also to ensure that we comply with all applicable statutory and regulatory requirements for retaining records, including Personal Data.
Back to Index
10. DATA ACCURACY AND YOUR DUTY TO INFORM US OF CHANGES
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed of any changes to your Personal Data during your relationship with us.
11. YOUR DATA PROTECTION RIGHTS
The Hartford would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
a. The right to access – you have the right to request copies of your Personal Data.
b. The right to rectification – you have the right to request that The Hartford correct any information you believe is inaccurate. You also have the right to request that The Hartford complete the information you believe is incomplete.
c. The right to erasure – you have the right to request that The Hartford erase your Personal Data, under certain conditions.
d. The right to restrict processing – you have the right to request that The Hartford restrict the processing of your Personal Data, under certain conditions.
e. The right to object to processing – you have the right to object to The Hartford’s processing of your Personal Data, under certain conditions.
f. The right to data portability – you have the right to request that The Hartford transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you want to exercise the above rights please contact consumerprivacyinquiriesmailbox@thehartford.com or the DPO.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if a request to access is unfounded or excessive, or we may refuse a request in such circumstances.
a. What we may need from you to confirm your identity
We may need to request specific information from you to help us confirm your identity in connection with any of the above rights. This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
b. Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact consumerprivacyinquiriesmailbox@thehartford.com. Unless we have another lawful basis for continuing to process your Personal Data, once we have received notification that you have withdrawn your consent, and verified your identity we will no longer process your Personal Data for the purpose or purposes you originally agreed to; further, unless we have another lawful basis for continuing to process your Personal Data, we will dispose of it securely.
12. CHILDREN’S PRIVACY
The Hartford's services are not directed to or intended for children.
13. CHANGES TO OUR PRIVACY NOTICE
We reserve the right to amend this Privacy Notice at any time in order to address future developments of The Hartford, our Consumer Services, or changes in law or industry practices. We will post the revised Privacy Notice on this page. Any changes will become effective upon the posting of the revised Privacy Notice on the Website. The date on which this notice was last updated is provided at the beginning of this notice.
14. HOW TO CONTACT US
We have appointed a data protection officer ("DPO") to oversee compliance with this Privacy Notice. If you want to contact the DPO, or if you have any questions about this Privacy Notice or how we handle your Personal Data, please contact us at consumerprivacyinquiriesmailbox@thehartford.com, or alternatively The Hartford - Privacy Law, One Hartford Plaza, Hartford, CT 06155
APPENDIX – DATA PROTECTION AUTHORITIES
United Kingdom
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow
Cheshire
SK9 5AF
Phone: 0303 123 1113
Fax: 01625 524510
Website contact page: https://ico.org.uk/global/contact-us/
Switzerland
Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH - 3003 Berne
Switzerland
Phone: +41 (0)58 462 43 95
Fax: +41 (0)58 465 99 96
Email: info@edoeb.admin.ch