Privacy Notice

This document can be downloaded as a PDF here.

INTRODUCTION

This Privacy Notice explains how we (the Miller Group entities referred to in the “About us” section below) process your personal data.

Please take the time to read this Privacy Notice carefully as it explains how we collect, use and store your personal data, and the rights you have in relation to the protection of your personal data. If, at any time, you have any concern about how your personal data is being processed by us, please let us know at info@miller-insurance.com.

ABOUT US

The Miller Group entities that are the controllers responsible for processing your personal data are:

Miller Insurance Services LLP (company no. OC301468) and/or Miller Re Limited (company
no. 02258855), 70 Mark Lane, London, EC3R 7NQ, info@miller-insurance.com (both of which shall be referred to as “Miller”); and
Miller Europe SRL, IT Tower, Avenue Louise 480, 1050 Bruxelles, info@millerinsurance.com (“Miller Europe”).
Alwen Hough Johnson, 2 Minster Court, Mincin Lane, London, EC3R 7BB, UK
AHJ Europe AS, Grundingen 6, 0250 Oslo, Norway

As such, in this Privacy Notice references to “Miller” “we”, “us” or “our” are to the above mentioned Miller entities as applicable in the circumstances, depending on which entity/entities is/are providing the services that you are receiving or benefitting from.

You can contact the DPO via DataProtection@miller-insurance.com

Miller Insurance Services LLP is the controller that is responsible for this website.

We are responsible for ensuring compliance with data protection laws and we take your privacy and our obligations very seriously.

PERSONAL DATA THAT WE COLLECT ABOUT YOU

We may collect the following categories of personal data. Not all categories may be collected about every individual:

  • We receive information about you including your name, email address, contact details, address, age, date of birth, Internet provider address, login data, browser type and version, occupation and/or financial information, medical/health information and other information that you may be required to provide to us, or our clients, including when you register for our Online Services.
  • We receive information that you provide to us, or that we collect from you, if you apply for a job vacancy listed on our website or make a speculative application to our HR team. This includes: your contact details, information that you include on your C.V. and covering letter (if you provide one), information collected during interviews, assessments and/or tests that we may ask you to complete as part of the recruitment process, and information needed to complete pre-employment checks. As part of the job application process, we also collect special categories of data which may include data relating to your ethnic or racial background, your religious faith, your health, your sexual orientation, your nationality, and any criminal convictions. If you choose not to provide information relating to criminal convictions (required for regulatory reasons) or medical / health information (required for decisions as to your fitness for work or to help us to make reasonable adjustments for disabilities), we may not be able to process your application and/or take it to the next stage.

HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following reasons:

  • in order to deliver broking, consultancy and claims handling services to our clients, and to provide our Online Services;
  • in order to comply with our legal obligations and applicable regulatory requirements;
  • to facilitate the effective management, development or operation of the Miller Group;
  • in connection with negotiating, maintaining or renewing your insurance policies;
  • to create anonymised industry or sector-wide statistics;
  • in line with the London Insurance Market Core Uses Information Notice (which is available at www.lmalloyds.com/GDPR). We recommend that you review this notice;
  • to manage our ongoing business relationship and any claim made under the contract of insurance;
  • to undertake statistical analysis, business reporting and marketing;
  • to recover debts and prevent fraud;
  • to carry out credit scoring and in connection with other automated decision making systems, for example, to generate quotations for insurance cover;
  • to decide if you are suitable for the job role that you applied for;
  • to check if you have any unspent criminal convictions;
  • to collect job references;
  • to verify your identity and qualifications;
  • to check your right to work status;
  • to carry out equal opportunities monitoring with respect to our job applications; and
  • to inform you of future vacancies (if you agree to this);
  • to comply with applicable legal or regulatory requirements.

We use “cookies” on our website in accordance with our Cookie Policy.

HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect personal information from you in a variety of ways. It may be:

  • Provided directly by you;
  • Collected from a device associated with you or your household;
  • Collected from another company within our family of companies; and
  • Collected from an external third-party source (including publicly available sources).

THE LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA

We may use the personal information we collect from you, for the following purposes and on the following lawful bases:

Purpose of ProcessingLawful Basis for Processing
To deliver broking, consultancy and claims handling services
To negotiate, maintain or renew insurance policies
To communicate options for premium finance		Processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
To the extent that such processing involves special categories of personal data, we rely on the substantial public interest (insurance purposes) condition in the UK Data Protection Act 2018 (“DPA 2018”)
To comply with our legal or regulatory obligations in helping to prevent and detect crime, fraud and anti-money laundering checking services, and identity verification.
To report to insurance, data protection and other regulators.
To make disclosures to insurers, auditors, and the police and the National Crime Agency.
To conduct regulatory applications and reporting		Processing is necessary for compliance with a legal obligation
Promoting the responsible selection of relevant productsProcessing is necessary for the purposes of legitimate interests
To decide on the applicant’s suitability for the role
To collect references
To verify the applicant’s identity and qualifications		Processing is subject to the consent of the applicant
To check if the applicant has any unspent convictions
To verify the applicant’s identity
To check the applicant’s right to work status
To detect and prevent fraud and other criminal activity		Processing is necessary for compliance with a legal obligation and explicit consent of the job applicant
Information about an applicant’s physical or mental health or condition in order to take decisions as to the applicant’s fitness for work, to help us to make reasonable adjustments for disabilities, and in connection with medical incidents in the workplaceProcessing is necessary for compliance with a legal obligation and where the processing involves special categories of personal data, this is only done where it is necessary for reasons of substantial public interest
The applicant’s racial or ethnic origin, religious beliefs, health, and sexual orientation in order to monitor compliance with equal opportunities legislationConsent and where the processing involves special categories of personal data, this is only done where it is necessary for reasons of substantial public interest

CONSENT

Where your consent is required, we will ask you for it at the relevant time. You do not have to provide your consent, and you may withdraw it at any time. If you choose not to give your consent (or to withdraw it), this may prevent us from providing our services to you or (as specified above) from progressing your application for employment. If, having given your consent to the use of your data, you subsequently change your mind, you can stop all or particular uses of your data by sending an email to info@miller-insurance.com.

SHARING YOUR PERSONAL DATA

We may share your personal data in the following circumstances with:

  • police and other law enforcement agencies, local and central authorities, Miller’s regulators and other third parties where we are required to do so by law or a regulator or to comply with legal or regulatory requirements. This can be for a range of purposes such as preventing or detecting crime, fraud, apprehending or prosecuting offenders, assessing or collecting tax,
  • investigating complaints or assessing how well a particular industry sector is working;
  • third parties and/or where permitted to do so in accordance with industry rules or where the information is publicly available;
  • resellers, distributors and agents to help us provide services to clients;
  • insurers, surveyors, loss adjustors, IT service providers, call centre providers and administrative support service providers, to the extent necessary to provide our services to you in a timely manner;
  • loss assessors, lawyers, and other like persons to the extent necessary to enable such third parties to provide information or services you have requested;
  • premium finance companies to the extent necessary to enable them to provide you with greater choice in making premium payments;
  • other companies in the Miller Group to the extent necessary to facilitate the effective management, administration, or operation of those businesses;
  • anyone to whom you authorise us to give such information;
  • with insurers where this is necessary to enable insurers to decide whether to participate in any arrangement made by Miller whereby participating insurers agree to automatically insure (wholly or partly) a portfolio of risks by delegating their authority to bind individual risks within such portfolio to the lead insurer or Miller;
  • with third parties to assist our other clients with payment, negotiation and settlement of their claims with the same or different insurers; and share information about your insurance placements, which may include client names, types of policy, premium and renewal dates, with insurers to enable them to provide and improve their services to you;
  • with credit reference agencies (“CRAs”). Each organisation that shares financial data with the CRAs is also entitled to receive similar kinds of financial data contributed by other organisations. These organisations are typically banks, building societies, and other lenders, as well as other credit providers like utilities companies and mobile phone networks. As such, the financial data that we share with CRAs will also be visible to such other organisations;
  • if Miller believes that fraud has been or might be committed, with fraud prevention agencies (“FPAs”). These FPAs collect, maintain and share data on known and suspected fraudulent activity. Some CRAs also act as FPAs; and
  • with third party service providers of pre-employment testing and screening, for the purposes of processing your application.

FOR HOW LONG WILL YOUR PERSONAL DATA BE RETAINED?

We will retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for as set forth in this Privacy Notice or any other notice provided at the time of collection, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, investigation, or if we reasonably believe there is a prospect of litigation in respect to our relationship with you, or the organisation that you work for. However, we will not retain your personal data for any longer than is required or permitted under applicable law or internal Miller policy. We dispose of the personal data that we collect in accordance with Miller retention policies and procedures

TRANSFERRING YOUR PERSONAL DATA OVERSEAS

Miller is based in the UK and Europe and keeps its main databases there. Besides the UK and Europe, Miller also has operations in Bermuda, Japan, Singapore, and Switzerland. Sometimes Miller will need to send or allow access to personal data from elsewhere in the world. This might be the case, for example, when a processor or client of Miller is based overseas or uses overseas data centres.

While countries in the European Economic Area all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection when it comes to personal data. As a result, when Miller sends personal data overseas it will make sure suitable safeguards are in place in accordance with UK and European data protection requirements, to protect the data. For example, these safeguards may include:

  • sending the data to a country that has been approved by the UK and European authorities as having a suitably high standard of data protection law. Examples include the Isle of Man and Switzerland.
  • putting in place a contract with the recipient containing terms approved by the UK and European authorities as providing a suitable level of protection.
  • sending the data to an organisation which is a member of a scheme that has been approved by the UK and European authorities as providing a suitable level of protection.

If your data has been sent overseas like this, you can find out more about the safeguards used by contacting us at DataProtection@miller-insurance.com

RIGHTS IN RESPECT OF PERSONAL DATA

You have the following rights under data protection laws (subject to certain conditions and limitations):

  • The right to access information we hold on you – the right to be provided with a copy of your personal data.

At any point you can contact us to request the information we hold on you as well as why we have that information, who has access to the information and where we obtained the information from.

  • The right to correct and update the information we hold on you – the right to require us to correct any mistakes in your personal data

If you think that any personal data Miller holds about you is incorrect, you have the right to challenge it. If Miller agrees that the data is incorrect, Miller will update its records accordingly. If Miller considers the data to be correct after completing checks, we will continue to hold and keep it – although you can ask us to add a note to your file indicating that you disagree or providing an explanation of the circumstances.

  • The right to have your information erased – (also known as the right to be forgotten) – the right to require us to delete your personal data in certain situations. The right is not absolute and only applies in certain circumstances.
  • The right to object to processing of your data – (i) at any time to your personal data being processed for direct marketing (including profiling); and (ii) in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims.
  • The right to data portability – the right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations e.g., where data is processed on the basis of consent.
  • The right to not be subject to automated individual decision making – the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

As explained in this Privacy Notice, Miller uses technology that does this in order to provide you with automated insurance quotations. We only do so where:- this is necessary for entering into, or the performance of, a contract between us; and this is authorised by applicable laws, which we must comply with and includes protections for your rights, freedoms and legitimate interests, or we have obtained your explicit consent to do so for these purposes. Whilst we have checks and measures in place to ensure that this technology works, you can request human intervention, let us know your concerns and contest the decision if you think the automated system has reached the wrong decision.

  • The right to restriction processing – the right to require us to restrict processing of your personal information in certain circumstances, e.g. if you contest the accuracy of the data.

For any requests relating to any of the rights above, please write to: DataProtection@miller-insurance.com

Your request should make it clear what type of information you are seeking. No fee is payable for such a request. Upon receipt of your request, and where all of our requirements to process such a request have been met in full, we shall respond within one calendar month of receipt (though we may extend the timeframe to respond by two months for complex requests).

We may need to request specific personal information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal data is not shared with any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.

WHERE DO I COMPLAIN TO IF I AM NOT HAPPY?

In the first instance, please contact Miller at DataProtection@miller-insurance.com, which has an established complaints handling service.

You also have the right to lodge a complaint with the supervisory authority.

Regarding Miller LLP and Alwen Hough Johnson: Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, SK9 5AF, Phone on 0303 123 1113, website www.ico.org.uk

Regarding Miller Europe: the Belgian Data Protection Authority, Drukpersstraat 35, 1000 Brussel Belgium, email contact@apd-gba.be, website www.dataprotectionauthority.be

Regarding AHJ Europe: the Norwegian Data Protection Authority, P.O. Box 458 Sentrum NO-0105 Oslo Norway, email dt.pvo@datatilsynet.no, website https://www.datatilsynet.no

CHANGES TO THIS DATA PROTECTION NOTICE

From time to time, we may make minor changes to this Privacy Notice. We will notify you of these changes by posting the revised Privacy Notice on our website. If we make significant changes, we will take additional steps to inform you of these.