GDPR Privacy Notice
LAMP Insurance Company Limited is the Controller under the EU General Data Protection Regulation (EU GDPR).
LAMP Insurance Company Limited is incorporated in Gibraltar, company number 93562.
2. Contact details of the Controller
You may contact LAMP Insurance Company Limited to make requests, for example to exercise your data protection rights, to provide positive feedback or to make complaints by writing to us at
Europort Building 8
PO Box 708
or by emailing our Data Protection Officer at email@example.com.
3. Contact details of the Data Protection Officer
LAMP Insurance Company Limited has appointed a Data Protection Officer (DPO). You may contact the DPO to make requests, for example to exercise your data protection rights, to provide positive feedback or to make complaints by writing to the Data Protection Officer at Suite 822, Europort Building 8, PO Box 708, Gibraltar, GX11 1AA or by emailing our Data Protection Officer at firstname.lastname@example.org.
4. Purposes of the processing
LAMP Insurance Company Limited processes your personal data for the following purposes:
- To provide insurance products to you or to a company that is contracted to provide you with a related product
- To provide reinsurance
- To underwrite insurance products
- To provide claims handling support for your insurance product
- To provide customer services, e.g. complaints management, to you or to a company that is contracted to provide you with a related product
- To provide management information analyses for use by companies within the LAMP group
5. Legal basis for the processing
The legal basis for processing your personal data is that the processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
The legal basis for processing your special personal data is that the processing is needed for a matter of substantial public interest, specifically the processing is necessary for an insurance purpose.
6. Categories of personal data
LAMP Insurance Company Limited may receive your personal data and special categories of personal data from third parties for the purposes set out above. The categories of personal data we process will vary depending upon the type insurance product that is held by you or the insurance product provided to an organisation that you are contracted to. Personal may include:
Special Lines business
- Policy holder details e.g. name, address, contact details, occupation, NI number, medical information, passport number, photographs, driving licence number, vehicle registration number, bank account details, related data from solicitor/broker/intermediary, monthly policy statement, premium shortfall and commission reconciliation
- Policy holder details e.g. name, address, contact details, medical information, passport number, photographs, driving licence number, vehicle registration number, bank account details, related data from solicitor/broker/intermediary, monthly policy statement, premium shortfall and commission reconciliation
- Policy holder details e.g. name, address, contact details, NI number, medical information, passport number, photographs, driving licence number, vehicle registration number, bank account details, related data from solicitor/broker/intermediary, monthly policy statement, premium shortfall and commission reconciliation
- Employer information, contact person, banking details, intermediary information, re-insurance company information, employee information (from policy holder), applicant information including name, occupation, gender, date of birth, country of residence, data of birth, marital status, age, height, weight, passport number, application date, contact number, premium information, insurance programme information, general medical information, thorough medical history, statement of oral health, policy summary details, claim summary details, payment details including bank and allocation details, individual application forms from members
7. Any recipient or categories of recipients of your personal data
Within LAMP Insurance Company Limited, only those members of the workforce who have a valid business ‘need to know’ will be granted access to your personal data. Further, individual team members will only be given access to the part of your data that they need to perform their roles. These members of our team:
- Provide insurance customer application services
- Provide underwriting services to you or to a company you are contracted to
- Provide general customer services to you
- Provide claims handling services to your or to a company you are contracted to
- Provide payment processing for professional services
Externally, your data may be shared with the following types of organisations for the reasons set out below – specifically so that we can deliver an insurance product or service you, or to a company you are contracted to. Wherever possible the data shared are either anonymised and/or minimised and only those with a valid business ‘need to know’ in the receiving organisation are granted access.
For Special Lines business – your personal data may be shared with:
- Third party companies for the purpose of validating claims – e.g. independent engineers may require limited personal data to make site visits to assess vehicle faults and/or breakdowns
- Third party repair companies – e.g. we may need to share limited policy holder details to facilitate a repair for you
- Companies that provide regulatory compliance services that we must legally comply with, e.g. sanctions searches
- Intermediaries who are contracted to perform audit functions for us
- Companies that work with us to sell products or services on our behalf
- Companies that provide accounting and payment processing services to us
- Companies that may provide finance services to you if you have asked for them
For Healthcare business – your personal data may be shared with:
- Third party administrator companies, for example those which provide emergency medical assistance and claims administration services when you need it. These services help us to support you.
- Contracted network of hospitals and doctors, e.g. for direct billing purposes
- Companies contracted to perform audit functions for us
- Corporate clients who work with us to provide your product or related services
For Legal business (includes After the Event business) – your personal data may be shared with:
- Introducers and intermediaries, e.g. solicitors who may introduce your business to us and who may require updates particularly in the event of a claim
- Intermediaries who are contracted to perform audit functions for us
- Specialist external professional service providers who may be instructed to recover your premium or to negotiate costs
- Processors that may provide professional services, such as scanning and storage services.
Where the Financial Ombudsman Services is mandated to resolve complaints for any line of business described above, we may need to share your data with it, for example when complaints are made. Not all lines of business are covered by the Financial Ombudsman Service.
We may be required to share your personal data with other agencies to prevent fraud.
In the event of litigation, we may be required to share your information with professional service providers, e.g. lawyers, hospitals, doctors.
Your data may also be passed to the following companies within the LAMP group. Access to your personal data will only be granted to members of their work force(s) who have a valid business ‘need to know’ – i.e. to process the data to deliver the services we are contracted to provide to you or to a company you are contracted to. Further, individual members of their work force(s) will only be given access to the part of your data that they need to perform their particular roles.
- LAMP Services Limited
- Tegamus Law Limited
- Suzhou LAMP Information Consulting Company Limited
If you wish to understand more about what companies your personal data are shared with, please contact our Data Protection Officer at email@example.com
8. Details of transfers to third country and safeguards
Your data may be transferred to Suzhou LAMP Information Consulting Company Limited, which is based in China, for insurance administration purposes including the processing of some payments. We use standard model contract clauses to preserve your rights and freedoms under the EU General Data Protection Regulation to an adequate level.
No. 98 Suhui Road,
Room 1018 Suzhou Industrial Park,
Company Registration number: 320594400024986
9. Retention period or criteria used to determine the retention period
Your personal data will be kept for as long as the insurance policy, or warranty or sales and administration services to which it applies is valid, and thereafter for a period sufficient to protect the LAMP Insurance Company Limited business interests in the event of needing to comply with regulation and/or to meet any potential liability claim or litigation.
10. Data subject rights
You have the right to exercise the following rights under EU data protection law. Please contact us using the contact details set out above if you wish to exercise any of these rights:
- Transparency – we must provide you with all the information set out in this privacy notice in a concise, transparent, intelligible and easily accessible form, using clear and plain language, so that you may understand how and why we process your data and what your rights are. We must keep you informed in timely manner about our progress in responding to requests from you to access your rights under data protection law.
- Rights of access by the data subject – you have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, to access to the personal data and other associated information.
- Right to rectification – you have the right to have the personal data concerning yourself rectified without undue delay if it not accurate. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by providing a supplementary statement.
Right to erasure (‘right to be forgotten’) – In some limited circumstances, you may have the right to obtain from us the erasure of your personal data without undue delay, when and if:
- Processing your personal data is no longer necessary in relation to the purposes for which your data were collected
- Where you withdraw consent for processing, but only if consent was the legal basis relied upon for that processing (please note this does not apply to our customers)
- You object to processing and there are no overriding legitimate grounds for the processing or where you withdraw your consent to marketing
- Your personal data has been unlawfully processed
- Your personal data has to be erased to comply with a legal obligation to which the Controller is subject
- Your personal data has been collected in relation to the offer of information society services to children
Right to restriction of processing – In some limited circumstances you have the right to request that the processing of your personal data is restricted, in some cases for a limited time only, specifically when:
- You are contesting the accuracy of your personal data while we verify its accuracy or correct it
- The processing is unlawful and you oppose the erasure of your data
- Where we no longer need your personal data for the purposes for which it was obtained but where you require the data for the establishment, exercise or defence of legal claims
- Where you have objected to the processing of your data pending the verification whether legitimate grounds of the Controller override your interests.
You have the right to be informed by the Controller before the restriction of processing is lifted
Notification obligation regarding rectification or erasure of personal data or restriction of processing – We will let you know when the following things happen, unless is proves impossible or disproportionate to do so:
- When we have rectified your data
- When we have erased your personal data
- When we have restricted the processing of your personal data
- When we intend to lift any restriction to the processing of your personal data
We will also advise you about any recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort
- Right to data portability – Upon your request and where the legal basis for processing your personal data is ‘consent’ or ‘contract’, we will provide you with a copy of your personal data that you have provided to us and which are processed by automated means, in a structured, commonly used and machine-readable format. Upon your request and where technically feasible, we will also transmit those data to another data controller
Right to object – In some limited circumstances, you have the right to object to our processing of your personal data. When certain conditions are met we, as Controller, will no longer process your personal data. This right can be exercised only when:
- Either the processing is necessary for the performance of a task carried out in the public interest or processing is necessary for the purposes of our legitimate interests (including profiling), but where we cannot demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or where processing is necessary for the establishments, exercise or defence of legal claims
- Processing for direct marketing purposes, including profiling
When personal data are processed for scientific or historical research purposes or statistic purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest.
- Automated decision-making, including profiling – You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significant effects. At the current time, LAMP Insurance Company Limited does not perform automated decision making or profiling.
11. The right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint about us with the supervisory authority for data protection. In Gibraltar, the Supervisory Authority is:
Gibraltar Regulatory Authority
1 Europort Road
Registration number: DP003191
12. The source your personal data originates from and whether it came from publicly accessible records.
The data we hold about you does not originate from publicly accessible records. If you have not provided us with your personal data directly, we have obtained it from one of the following sources:
- Healthcare – Medical information may be supplied directly from members, hospitals, doctors, contracted third partner assistance companies e.g. emergency medical assistance providers, corporate clients, or intermediaries (agents or brokers).
- Special Lines – intermediaries, brokers, third parties and/or dealers.
- Legal – Intermediaries, brokers, agents.
- Across all business lines – from another company within the LAMP group that works with LAMP Services Limited to deliver your contracted product.
13. Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data
LAMP Insurance Company Limited has a legal obligation to perform a sanctions search on insured persons. Failing to do so would be a breach of the law.
14. The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences
LAMP Insurance Company Limited does not currently perform automated decision making or profiling.
The LAMP Insurance Company Limited GDPR Privacy Notice is available for download.
(542.2 KiB) LAMP Insurance Company Limited GDPR Privacy Notice FINAL V1.0 LAMP Insurance Company Limited GDPR Privacy Notice