Privacy and Cookie Policy

If you have purchased insurance through another party and then if a Travelers company insures you, that Travelers company will be a data Controller for the purposes of the insurance.

Where you purchase insurance via an insurance broker, the broker you used will have given you their name and contact details. You should contact them directly for more information about how they handle your personal data and who they have passed it to.

Where your employer or a third party purchased insurance for your benefit, your employer or that third party may also be a data Controller. You should contact your employer or the third party who should provide you with details of which Travelers company has insured you.

Where you purchased insurance directly from us the Travelers company which collected the information from you will be the data Controller. If you have an insurance policy with us, the data Controller will be the Travelers company named on your insurance policy. If your cover includes an insurance policy underwritten by another insurer, we will still be the data Controller for the sale of the insurance and the other insurer will also be a data Controller in respect of the insurance policy.

Where you are not a policyholder or an insured, for example an employee, prospective employee, consultant, claimant, a witness, a business partner, a Travelers company will generally be a data Controller in respect of your personal data.  

If you have any questions then please contact our Data Protection Officer at DPOEurope@travelers.com.

Insureds, beneficiaries, prospective insureds, prospective beneficiaries, claimants and prospective claimants
General information		Name, address, telephone number, and email address
Identification details		Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number and driving licence number
Risk details		Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you
Policy information		Information about the quotes you receive and insurance policies we have issued to you
Financial information		Bank account or payment card details (where you are paying us for the insurance), income or other financial information
Employment information		Information about your job, job title, education history, professional accreditations, current/previous employer’s data
Credit and anti-fraud data		Credit history, credit score, sanctions matches and criminal offences, and information received from various anti-fraud databases relating to you
Previous and current claims		Information about previous and current claims, (including other unrelated insurances) which may include data relating to your health, criminal convictions, surveillance reports
Special categories of personal data		Certain categories of personal data have additional protection under the data protection laws. The categories include data related to health and medical information, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation
Marketing information		Name, email address, telephone number, interests, record of marketing permissions or objections, website data (including online account details, IP address and browser generated information)
Policy information		Policy number, and if you are not the policyholder, details of your relationship to the policyholder, details of the policy including amount insured, exceptions and previous claims
Claims details		Details of the incident giving rise to the claim
Criminal convictions		Criminal offences including driving convictions and police reports
Financial information		Bank account details used for payment of a claim
Anti-fraud data		Sanctions matches and criminal offences, and information received from various anti-fraud databases relating to you
Other data		Information collected in order to validate a claim e.g. from social media, public registers, online databases, credit references agencies
Witnesses to an incident
Information collected		Name, address, email address, contact number, date of birth, gender, nationality, passport number, national insurance number, driving licence number, and other information relevant to the incident that you have witnessed
Business partners
Information collected		Name, employer, work address, work email, work telephone numbers and job title
Visitors to our office
Information collected		Name, employer, job title, email address, telephone number, CCTV images, dietary requirements and any disability data
Marketing
Information collected		Name, email address, telephone number, interests, record of marketing permission or objections, employer, job title, website data (including online account details, IP address and browser generated information)
Prospective employees, consultants, prospective consultants and officeholders
Information collected		Name, email address, telephone number, home address, job title, national insurance number, passport number, tax identification number, photograph, current/previous employer’s data
Visitors of our websites
Information collected		IP address and browsing history obtained through our use of cookies

We might collect your personal data from various sources, including:

• You;
• Your family members, employer or representative;
• Other insurers, brokers and reinsurers;
• Other companies within the Travelers group;
• Credit reference agencies;
• Anti-fraud databases, sanctions lists, court judgments and other databases;
• Government agencies such as the police;
• Open electoral registers;
• Insurance industry bodies;
• In the event of a claim, third parties including the other party to the claim (claimant / defendant), witnesses, experts (including medical experts), loss adjustors, solicitors, and claims handlers;
• In the event of a claim, third parties;
• Third party service providers;
• Social media such as LinkedIn, Facebook and X (Previously Twitter);
• Third party marketing databases;
• Analytics providers; and
• Search information providers, cookies and other tracking technologies.

What are cookies?

Cookies are small text files placed on your device when you visit a website. They contain information that is transferred to your device's hard drive or random access memory.

We use our own and third-party cookies to give you the best experience of our website, provide personalised adverts, and to measure our traffic and performance.

To find out more about cookies visit www.aboutcookies.org  or www.allaboutcookies.org.

Managing cookies 

You can update your preferences at any time by going to the Cookie Settings at the bottom of the page.

Alternatively, most web browsers allow some control of most cookies through the browser settings. To limit or block the cookies which are set by Travelers, you can amend your browser’s privacy settings. The 'Help' function within your web browser will explain how this is done. For further guidance, visit www.allaboutcookies.org

Third party cookies

Some cookies are set by Travelers, while others are set by third-party companies (third-party cookies). The third-party cookies we use include those from LinkedIn, Google, AWS, YouTube, Tealium, Cloudflare, and Optimizely. Third-party cookies are placed by our approved business partners from different websites. For example, when a page has embedded content from other sites, you may receive cookies from those websites. We do not control the setting of third-party cookies and recommend that you check the privacy and cookie policies of those websites for information about them.

Types of cookies we use 

We use the following types of cookies on our website (www.travelers.co.uk):

Strictly necessary cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. This category includes cookies which we use to provide you with core services and features, and to help keep our website secure. You can set your browser to block or alert you about these cookies, but some parts of the website might not work properly.

Functional cookies 
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or our service providers. If you do not allow these cookies, some of the features might not function properly.

Performance/ Analytics cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us understand which pages are the most and least popular and see how visitors move around the site. All the information that these cookies collect is aggregated and therefore anonymous.

Advertising cookies
These cookies record your visit to our website, the pages you have visited and the links you have followed. They help us, and other parties, personalise ads that are shown to you on our website, as well as on other online services. For example, if you show interest in one of our products shown on our website, you may receive an advertisement for that same product on another site. We and our service providers may also use cookies in online advertising to track responses to our advertisements, and to track your use of other websites.

How long do cookies last? 

The length of time a cookie stays on your device depends on its type: 

"Session cookies" are temporary and are deleted every time you close your browser.

"Persistent cookies" stay on your computer until they expire or until you delete them from your device's cache. 

Questions 

If you have any questions, please contact us at: dpoeurope@travelers.com.

We will only use your personal data when the law allows us to. We set out below purposes for which we use your personal data. For each purpose we must have a “legal basis” to use your personal information. When the information that we process is classed as “sensitive personal information”, we must have a specific, additional “legal ground” to process such information.

1. Setting you up as a customer

Activity
When setting you up as a customer we will need to collect your personal data which includes the general information about you. We may also need your personal data to carry out certain checks including possible fraud, sanctions, credit and anti-money laundering checks.

Legal Basis for processing your Personal Data
We need this data to enter into an insurance contract.

We need to comply with our legal and regulatory obligations, including the prevention of fraud and other financial crime.

You have given us your explicit consent.

2. Quotation

Activity 
At the quotation stage, we evaluate the risks to be covered and match these to the appropriate policy and premium. To do this, we collect your personal data, such as general information about you, your identification details, and underwriting information, including details of the risk.

We collect other personal data, including information relating to previous claims, credit data, and anti-fraud data.

We may collect special categories of data in respect of the risk, such as your health data, and may ask you for information regarding criminal convictions.

We may also need to collect personal data relating to your family members, including children who are named or covered by the insurance policy.

If you telephone us for a quotation, we may record the telephone call. You will be informed that the call is being recorded at the time of the call.

Legal Basis for processing your Personal Data
We need this data to enter into or perform your insurance contract.

It is in our legitimate interest to determine if you are within our acceptable risk profile, what the appropriate insurance product might be, and what the premium will be.

We will process special categories of data where the processing is necessary for the insurance quotation. We will only process criminal conviction data where it is necessary for the prevention of fraud and other financial crime.

You have given us your explicit consent.

3. Purchase of insurance

Activity 
In order for you to pay the premium for the insurance, we will need to collect general and financial information.

Legal Basis for processing your Personal Data
We need this data into order to perform the insurance contract and because it is necessary in order for us to take payment.


You have given us your explicit consent.

4. Policy administration and risk services

Activity 
We may need to communicate with you regarding policy administration and requested changes to your insurance policy.

We may need to collect or refund premium payments and we may also need to send you updates regarding the insurance. In order to perform these tasks, we will need to process your personal data such as your general and financial information.

In administering the insurance policy we may process special categories of data such as your health information and we may also process criminal conviction data.

We may need to communicate with you regarding certain risk control services we provide in respect of your insured risks. We will need to process your contact details and policy information in order to provide those services.

We may also ask third party service providers to offer certain risk control services to you and calls made to and from those third parties may be recorded. You will be warned that the call is being recorded at the time of the call.

Legal Basis for processing your Personal Data
We need to process this data in order to perform the insurance contract and because it is necessary to correspond with customers, beneficiaries and claimants.

We will process special categories of data where the processing is necessary for the administration of your policy, and we will process criminal conviction data for the purposes of preventing fraud.

You have given us your explicit consent.

5. Claims Processing

Activity 
If you have a claim or are involved with a claim, then we will need to collect and process your personal data. We may also need to collect and process personal data relating to your family members including children who are named or covered by the insurance policy.

We may also need to collect special categories of data, for example information about your health and medical reports.

As part of the claim, we may need to investigate the claim, defend legal proceedings, and carry out fraud, credit and anti-money laundering checks. We will need to collect and process your personal data such as general information, identification details, financial information and policy information (if applicable).

Legal Basis for processing your Personal Data
We need to process this data in order to perform our obligations under the insurance contract and because it is necessary for us to assess the veracity and quantum of claim, to defend or make claims and to assist with the prevention and detection of fraud and other financial crime.

We will process special categories of data where:

• It is necessary for an insurance purpose; or
• Where the processing is necessary for the establishment, exercise or defence of a legal claim; or
• Where the processing is necessary to protect your (or a family member’s) vital interests or of another person where you are physically or legally incapable of giving consent.

You have given us your explicit consent.

6. Renewals 

Activity 
We will need to contact you to offer you renewal terms. In preparing renewals we will need to evaluate the risks to be covered and match the appropriate policy and premium to your requirements. We will also need to take payment. Upon renewal we will process your personal data in the same way as described at the quotation stage (2) and purchase (3) stages above.

Legal Basis for processing your Personal Data
Upon renewal, our legal basis for processing your personal data is the same as outlined at the quotation stage (2) and purchase (3) stages above.

In addition, we may also have a legal and/or regulatory obligation.

7. Marketing 

Activity 
We may use your personal data to send you marketing communications about our insurance products or our related services. This may be in the form of email, printed material sent by post, online posts, SMS, telephone or targeted online advertising.

We may also use your personal data to contact you in response to your social media posts.

Legal Basis for processing your Personal Data
We will only ever use your personal data with your consent or if you are in a business relationship with us. You have the right to stop us marketing to you by opting out of such marketing when you receive electronic communications from us or by contacting our data protection officer.

8. Business Partners 

Activity 
If you are a business partner or a supplier, we will collect your business contact details in order to manage our relationship with you and to administer our contract with you or your employer.

We may also collect your information if you attend meetings, enter prize draws or competitions, attend events that we organise, sign up to our bulletins or newsletters or contact us through our website. We may also collect information about you from public sources (for example LinkedIn or your employer’s website) where we believe this is necessary to help manage our relationships with our business partners.

Legal Basis for processing your Personal Data
We have a legal and/or regulatory obligation.

We have a legitimate interest for using your personal information for the following reasons (as applicable):

• Relationship management and business analysis;
• To effectively manage our business;
• To develop and improve products and services;
• To offer and administer prize draws and competitions.

You have given us your explicit consent.

9. Visitors 

Activity 
If you are a visitor (such as visiting our website or our offices) we will use your personal data, for example, to register for use of our website, enquire for further information, distribute requested reference materials or invite you to one of our events.

Legal Basis for processing your Personal Data
We have a legal and/or regulatory obligation.

We have a legitimate interest for using your personal information for the following reasons (as applicable):

• Relationship management and business analysis; and
• To effectively manage our business.

You have given us your explicit consent.

10. Data Analytics 

Activity 
We analyse information in our various systems and databases to help improve the way we run our business, to provide a better service and to enhance the accuracy of our risk and other actuarial models. We take steps to protect privacy by aggregating and where appropriate anonymizing data before allowing information to be available for analysis.

Legal Basis for processing your Personal Data
We have a legitimate interest for using your personal information for the following reasons (as applicable):

• Comply with legal and regulatory obligations;
• Relationship management and business analysis;
• To effectively manage our business.

You have given us your explicit consent.

We will keep your personal information confidential and only share it with the third parties listed below for specific purposes.

Where relevant, we may share your personal data with:

• Other companies in the The Travelers Companies, Inc. group, including where:
  • We’re arranging our own insurance;
  • It’s necessary for our business administration purposes;
  • We’re using information for the prevention or detection of fraud or other crime; or
  • We need to report information within our group of companies.
• Our insurance and reinsurance partners such as brokers, other (re)insurers or other companies who act as (re)insurance distributors;
• Other third parties who help us administer your insurance claim. This could be loss adjusters, claims handlers, accountants, auditors, banks, lawyers and other experts including medical experts;
• In the UK, we may share your personal data with the Motor Insurers’ Bureau (MIB) and associated not-for-profit companies who provide several services on behalf of the insurance industry. At every stage of your insurance journey, the MIB will be processing your personal information and more details about this can be found via their website: org.uk;
• in Ireland, we will pass your policy and licence details to the Motor Third Party Liability Database maintained by the Motor Insurers Bureau of Ireland (MIBI) and to the National Vehicle and Driver File maintained by the Department of Transport; more details can be found on the MIBI webpage at ie/ and the Government of Ireland website at gov.ie;
• Companies who provide you with certain services such as home emergency cover and legal expenses cover;
• Our regulators;
• Other insurers;
• Fraud detection agencies and other third parties who operate and maintain fraud detection registers or undertake investigations in cases of suspected insurance fraud. This includes the Insurance Fraud Register, the Insurance Fraud Intelligence Hub and the Motor Insurance Database;
• The police and other third parties, such as banks or other insurance companies;
• Other insurers who provide our own insurance;
• Industry bodies, for example, the Association of British Insurers, Insurance Ireland, Lloyd’s Market Association or Employers’ Liability Tracing Office;
• Credit referencing agencies and third parties who carry out sanctions checks on our behalf;
• Our third-party services providers, such as IT suppliers, actuaries, auditors, lawyers, document management providers, outsourced business process management providers, outsource procurement service providers, our subcontractors and tax advisers;
• Selected third parties in connection with any sale, transfer or disposal of our business; or
• Where necessary, courts and other alternative dispute resolution providers, such as arbitrators, mediators and the Financial Ombudsman Service (UK) and Financial Services and Pensions Ombudsman (Ireland).

If you would like further information about how we share your personal information, please contact our Data Protection Officer at DPOEurope@travelers.com

We may need to transfer your data to jurisdictions located outside of the European Economic Area (EEA) and United Kingdom (UK).

Your data may be processed by employees working for The Travelers Companies, Inc.  group of companies, some of whom are based outside the EEA.

Your data may also be processed by our service providers or assistance providers who may be located outside of the EEA. We may disclosure your personal data outside of the EEA if we receive a request from a foreign law enforcement or regulatory agency.

Transfers of your personal data outside of the EEA/UK will be carried out:

• To countries recognised as providing an adequate level of protection or where we are satisfied that there are adequate safeguards in place to protect your rights as the data subject, such as EU Model Contract Clauses or the UK Addendum;
• Transfers to service providers and other third parties will be protected by contractual commitments such as the EU Model Contract Clauses or the UK Addendum.

Under data protection law you have certain rights in relation to the personal information that we hold about you. There will not usually be a charge for dealing with these requests.

Your rights include:

1. The right to access personal information
2. The right to rectification
3. The right to erasure
4. The right to restriction of processing
5. The right to data portability
6. The right to object to marketing
7. The right to object
8. The right to withdraw consent
9. The right to lodge a complaint with the ICO or DPC

Please note:

• The rights set out below do not apply in all circumstances;
• In some cases we may not be able to comply with your request. For example, where there is a conflict with our own obligations to comply with other legal or regulatory requirements.

If you would like to exercise any of your rights, please contact our Data Protection Officer at DPOEurope@travelers.com

Automated decision making is where a decision is made solely by automated means without any human involvement for example by software or an algorithm.

We make some decisions in this way in the course of our business as an insurer. We use automated decision making to generate some online quotes.  If you are a prospective insured or an insured who wishes to obtain an online quote from us our system will use a set of underwriting and product rules to issue quotations in response to information provided by you online.

Automated decision making is an efficient and cost effective way for us to provide quotations. It provides a standardised methodology and reduces the likelihood of any differences in treatment between prospective insureds. As a result, it assists us in treating our customers fairly.

The use of automated decision making does mean that in relation to those particular products there is no ability for a prospective insured to negotiate the price or terms of the policy. Some of our products do have a referral process to an underwriter in relation to particular terms. It is also possible to speak to our call centre about the online process.

If you would prefer for us not to use automated decision making in respect of the online quotation process you should contact your broker who can speak to an underwriter.

If you are an insured or a prospective insured we may use automated decision making to carry out a credit and anti-fraud checks.

Profiling is the automated processing of personal data to evaluate certain things about an individual, in particular to analyse or predict certain aspects concerning that individual’s performance at work, economic situations, health, personal preferences, interests, reliability, behaviour, location or movement. Profiling can be part of an automated decision making process.

We also make certain decisions based on profiling. When we underwrite we carry out various forms of profiling to assess your individual risk so that we can calculate insurance premiums.

If you are a claimant then we may use profiling or automated decision making to assess whether your claim might be fraudulent.

Some special categories of data may also be used in profiling such as your medical data and criminal convictions.

You have certain rights in respect of automated decision making, where that decision has legal or significant effects on you.  

We will keep your personal data only for so long as is reasonably necessary, for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim under your insurance policy, or where we are required to keep your personal data due to legal or regulatory reasons.

All information you give us is stored on our secure servers. Some techniques we use to protect information include locked files, user authentication, encryption, firewall technology and the use of detection software. 

Once we have collected your information, we use strict procedures and security features to prevent unauthorized access.

The primary point of contact for all issues arising from this Policy, including requests to exercise your data subject rights, is our Data Protection Officer. The Data Protection Officer can be contacted in the following ways:

Email: DPOEurope@travelers.com

Write to:

Data Protection Officer
Travelers
30 Fenchurch Street
London EC3M 3BD
United Kingdom

Or

Data Protection Officer
Travelers
Third Floor, Block 8,
Harcourt Centre,
Charlotte Way,
Dublin 2
Ireland

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights in SECTION 7, or if you think that we have breached data protection legislation (including the GDPR) then you have the right to complain to the data protection supervisory authority which is the Information Commissioner’s Office in the UK and the Data Protection Commission in Ireland.  Please see below for contact details:

England
Information Commissioner's Office
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire
SK9 5AF 

Tel: 0303 123 1113

Scotland
Information Commissioner's Office
Queen Elizabeth House
Sibbald Walk
Edinburgh
EH8 8FT

Tel: 0303 123 1115
Email: Scotland@ico.org.uk

Wales
Information Commissioner's Office
2nd floor 
Churchill House 
Churchill way 
Cardiff
CF10 2HH

Tel: 0330 414 642
Email: wales@ico.org.uk

Northern Ireland 
Information Commissioner's Office
10^th Floor
Causeway Tower
9 James Street South
Belfast
BT2 8DN

Tel: 0303 123 1114
Email: ni@ico.org.uk

Republic of Ireland
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland

Tel: +353 1 765 01 00 or  1800 437 737  

Beneficiary(ies) is an individual or a company entitled to receive a payment under the insurance policy if an insured event occurs. A beneficiary does not have to be the insured/policyholder and there may be more than one beneficiary under an insurance policy.

Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that nature person, such as facial images or fingerprint data.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Claimant is either a beneficiary who is making a claim under an insurance policy or an individual or a company who is making a claim against a Travelers policyholder or insured.

Claims processing is the process of handling a claim that is made under an insurance policy.

EU Model Contract Clauses: standard contractual clauses (known as model contract clauses) recognised by the European Commission as offering adequate safeguards for the transfer of data outside of the European Economic Area.

GDPR is (a) the General Data Protection Regulation (EU 2016/679) and any implementing, derivative or related legislation, rule or regulation of the European Union; (b) the GDPR as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 ("UK GDPR"); and (c) the Privacy and Electronic Communications (EC Directive) Regulations 2003, together with any legislation which replaces it.

Insurance policy is a contract of insurance between the insurer and the insured/policyholder.

Insured/policyholder is the individual or company in whose name the insurance policy is issued. A potential insured/policyholder may approach an intermediary to purchase an insurance policy or they may approach an insurer directly or via a price comparison website.

Insurer(s): (sometimes also called underwriters) provide insurance cover to insured/policyholders in return for premium. An insurer may also be a reinsurer.

Intermediaries help policyholders and insurers arrange insurance cover. They may offer advice and handle claims. Many insurance and reinsurance policies are obtained through intermediaries.

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic mental, economic, cultural or social identify of that natural person.  

Policy administration is the process of administering and managing an insurance policy following its inception.

Premium is the amount of money to be paid by the insured/policyholder to the insurer in the insurance policy Reinsurers provide insurance cover to another insurer or reinsurer. That insurance is known as reinsurance.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Quotation is the process of providing a quote to a potential insured/policyholder for an insurance policy.

Renewal is the process of the insurer under an insurance policy providing a quotation to the insured/policyholder for a new insurance policy to replace the existing one on its expiry.

Special categories of personal data means racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometrics (where used for identification purposes), health, sex life or sexual orientation.