UMeUK Employee Privacy Notice
This Privacy Notice applies to the personal information of all individuals who seek to be, are, or were employed by Underwrite Me in the UK, hereafter referred to as “employee related data subject”, “data subject” or “you”.
This privacy notice is not intended for individuals who have policies that are reinsured with us, or for individuals connected with, or employed by, cedants, insurance intermediaries and consultants, and other professional third parties, such as retrocessionnaires and service providers, with whom UMe has a business relationship, please see the privacy notices for you found here.
At UMe we are committed to maintaining the accuracy, confidentiality and security of your personal information. This Privacy Notice describes the personal information that UMe collects about you, and how we use and to whom we disclose that information.
Underwrite Me (“UMe”) is comprised of multiple business units and operates through various legal entities, including their respective branches and representative offices, under the common control of Pacific Mutual Holding Company. All references in this Privacy Notice to “UMe”, “we”, “us”, “our” and like terms should be interpreted accordingly.
Notice of compliance
It is UMe’s intention to comply with the privacy legislation within each jurisdiction in which we operate.
For the purposes of this Privacy Notice, personal information is any information about an identifiable individual, (other than the person’s business title or business contact information when used or disclosed for the purpose of business communications). Personal information does not include anonymous or non-personal information (i.e., information that cannot be associated with or tracked back to a specific individual).
What personal information do we collect?
We collect and maintain different types of personal information relating to employment-related data subjects, including the personal information contained in:
- CVs and/or applications;
- References and interview notes;
- Photographs and video;
- Letters of offer and acceptance of employment;
- Information regarding performance, disciplinary matters, grievances, sickness, absence from work and holidays;
- Payroll information, including but not limited to national insurance number, bank account details, and HMRC information;
- Salary and benefit information;
- Forms relating to the application for, or in respect of changes to, employee health and welfare benefits; including, short and long term disability, medical and dental care;
- Beneficiary and emergency contact information; and
- All other types of information typically retained by UK employers in the regulated financial services sector regarding employment related data subjects
In addition to the examples listed above, personal information also includes information such as name, home address, telephone, personal email address, date of birth, employee identification number and marital status, and any other information necessary to UMe’s business purposes, which is voluntarily disclosed in the course of an employee’s application for and/or employment with UMe.
How is your personal information collected?
As a general rule, UMe collects personal information directly from you. In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources.
From time to time, we may utilise the services of third parties in our business and may also receive personal information collected by those third parties in the course of the performance of their services for us or otherwise. Where this is the case, we will take reasonable steps to ensure that such third parties have represented to us that they have the legal right to disclose your personal information to us.
Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
Why do we collect personal information?
The personal information collected is used and disclosed for our legitimate business purposes, including establishing, managing or terminating your employment relationship with UMe. Such uses include:
- determining eligibility for initial employment, including the verification of references and qualifications;
- administering pay and benefits;
- processing employee work-related claims (e.g. worker compensation, insurance claims, etc.)
- establishing training and/or development requirements;
- conducting performance reviews and determining performance requirements;
- assessing qualifications for a particular job or task;
- gathering evidence for disciplinary action, or termination;
- establishing a contact point in the event of an emergency (such as next of kin);
- complying with applicable labour or employment statutes;
- compiling directories;
- ensuring the security of company-held information; and
- such other purposes as are reasonably required by UMe.
The work output of UMe’s employees, whether in paper record, computer files, or in any other storage format belongs to us, and that work output, and the tools used to generate that work output, are always subject to review and monitoring by UMe.
In the course of conducting our business, we may monitor employee activities and our premises and property. For example, some of our locations are equipped with surveillance cameras. These cameras are generally in reception or high risk areas. Where in use, surveillance cameras are there for the protection of employees and third parties, and to protect against theft, vandalism and damage to UMe’s goods and property. Generally, recorded images are routinely destroyed in accordance with our Data Retention Policy, and not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority. Pursuant to our Information Systems Use Policy, we have the capability to monitor all employees’ computer and e-mail use.
This section is not meant to infer that all employees will in fact be monitored or their actions subject to constant surveillance. It is meant to bring to your attention the fact that such monitoring may occur and may result in the collection of personal information relating to employees (e.g. through their use of our resources). When using UMe equipment or resources employees should not have any expectation of privacy with respect to their use of such equipment or resources.
How do we use your personal information?
We may use your personal information:
- for the purposes described in this Privacy Notice; or
- for any additional purposes that we advise you of, and where consent is required by law we have obtained that consent.
When do we disclose your personal information?
We may share your personal information with our employees, contractors, consultants and other parties (including other members of the Pacific Life group) who require such information to assist us with establishing, managing or terminating our employment relationship with you, including: parties that provide products or services to us or on our behalf and parties that collaborate with us in the provision of products or services to our employees. In some instances, such parties may also provide certain information technology and data processing services to us so that we may operate our business. We may share personal information with such parties both in and outside of the UK, and as result, personal information may be collected, used, processed, stored or disclosed in the USA, and in some cases, other countries outside the EEA. Personal information is only transferred by us to another country, including within the Pacific Life group, if this is required or permitted under the applicable privacy legislation.
When we share personal information with such parties we typically require that they only use or disclose such personal information in a manner consistent with the use and disclosure provisions of this Privacy Notice.
In addition, personal information may be disclosed or transferred to another party (including outside of the UK) in the event of a change in ownership of, or a grant of a security interest in, all or a part of UMe through, for example, an asset or share sale, or some other form of business combination, merger or joint venture, provided that such party is bound by appropriate agreements or obligations and required to use or disclose your personal information in a manner consistent with the use and disclosure provisions of this Privacy Notice, unless you consent otherwise.
Further, your personal information may be disclosed:
- as permitted or required by applicable law or regulatory requirements. In such a case, we will endeavour to not disclose more personal information than is required under the circumstances;
- to comply with valid legal processes such as search warrants, summons or court orders;
- as part of UMe’s regular reporting activities to other members of the Pacific Life group (including outside of the UK);
- to protect the rights and property of UMe;
- during emergency situations or where necessary to protect the safety of a person or group of persons;
- where the personal information is publicly available; or
- with your consent where such consent is required by law.
Notification and consent
Privacy laws do not generally require UMe to obtain consent for the collection, use or disclosure of personal information for the purpose of establishing, managing or terminating your employment relationships in the UK. To the extent that consent is required, we will assume, unless advised otherwise, that you have consented to UMe collecting, using and disclosing your personal information for the purposes stated above (including any other purposes stated or reasonably implied at the time such personal information was provided to us).
Where your consent was required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our Data Protection Officer.
How is your personal information protected?
We have in place physical, electronic, and procedural safeguards to protect personal information that we hold against unauthorised disclosure or unlawful processing. Safeguards include only holding personal information on secure servers, the use of encryption, firewalls and access controls and the separation of duties within our organisation to ensure appropriate organisational controls are in place.
How long is your personal information retained?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or regulatory requirements.
We are subject to specific obligations to retain information, including information regarding our employees.
Updating your personal information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your employment, please keep us informed of such changes.
Access to your personal information
You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact the UMe Data Protection Officer using the contact information set out below. Please note that any such communication must be in writing.
In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
In the event that we cannot provide you with access to your personal information, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions.
Please note – In the current circumstances we may take longer than usual to comply with access and erasure requests as our offices are currently closed. We will inform you if the request will take longer than the permitted 30 days and provide an estimated date for completion.
Enquiries or concerns?
If you have any questions about this Privacy Notice or concerns about how we manage your personal information, please contact the UMe Data Protection Officer in writing or by e-mail. We will endeavour to answer your questions and advise you of any steps taken to address the issues raised by you. If you are unsatisfied with our response, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Our Data Protection Officer’s contact details are:
Revisions to this privacy notice
UMe may from time to time make changes to this Privacy Notice to reflect changes in its legal or regulatory obligations or in the manner in which we deal with your personal information. Where we believe the changes would materially impact your rights and freedoms we will expressly notify you.
This Privacy Notice was last updated May 2020.