TBE Privacy Notice

Hohe Bleichen 8, 20354, Hamburg, Germany.
PRIVACY NOTICE
Please take time to read this document carefully as it contains details of the basis on which we will process (collect, use, share, transfer) and store your information. You should show this notice to all parties related to any service or related insurance arrangement. If you have given us information about someone else, you are deemed to have their permission to do so.

If you have any questions or need further information you can e-mail riskandcompliance@jensten.co.uk or write to our Compliance Department, Tasker Brokers (Europe) GmbH (UK Branch Office) Beaufort House, 15 St. Botolph Street, London EC3A 7BB.

Tasker Brokers (Europe) GmbH (“TBE”) is registered in Hamburg under number HRB164924. JBE is a Registered Intermediary, an insurance broker with authorisation according to § 34 d para. 1 GewO [German Trade Regulation] with registration number: D-MQOX-AGE3E-97

TBE operates a branch office in England, which is located at Beaufort House, 15 St. Botolph Street, London EC3A 7BB. Our trading names include Enhance Insurance Services Europe and Travel Risk Professionals Europe 

We will, at all times, treat all personally identifiable information strictly in accordance with the General Data Protection Regulations (GDPR) with effect from 25 May 2018 (and with the UK Data Protection Act 2018, where applicable).

We will ensure data is processed lawfully, fairly and in an open and transparent manner and ensure appropriate security measures are in place against unauthorised or unlawful processing or accidental loss, destruction or damage using appropriate technical or organisational measures such as restricting access to key people within our organisation for certain aspects of your information; and periodically checking the level of security we apply to prevent unauthorised use, accidental loss, or misuse of your information.

The contractual arrangements we have in place with our suppliers such as Insurance Companies, our Client Database software provider, and similar providers of services to us, including other third-party companies who use our services, are governed by and shall be deemed to operate strictly in accordance with the terms of such contracts. Importantly, from your perspective, these contracts set out to define how data will be processed between us, including circumstances when we act as a processor or controller as is required by the GDPR.

When acting as a controller of your data, we will, in certain circumstances, determine the purposes and means of processing your data; in particular, this will include the data processed by third parties who use the services of TBE.

LAWFUL BASES
Collecting information about you
When we collect information about you we may collect personal data, which may include a variety of information about an individual including their name, address of residence, communication and contact details, and other personal information such as a date of birth. Where relevant to do so, we may also collect information relating to an individual indirectly, by reference to an identifier such as an IP address, which is a unique number identifying your computer, laptop or similar portable device.

Where required and appropriate to so, we will also collect more sensitive personal information such as details about an individual’s motoring or criminal convictions, details of health and other similarly sensitive information (see the section headed ‘Sensitive Data’ below for more details).

In certain circumstances, for example, when an Insurance Company or similar provider of services to us requires us to do so, we will collect information from a variety of different sources including publicly available sources, such as social media and networking sites; third party databases generally available to the financial services sector, and the wider commerce and industry including MGA’s, Lloyd’s, claims management firms, loss adjusters and / or other suppliers appointed in the process of handling a claim or credit reference and similar agencies. This may include information from you regarding your past insurance policies and arrangements.

If you are providing personal data on behalf of a third party, you must provide them with a copy of this privacy notice and obtain any consent where we require it for the processing of their data.

Using information about you
We will use information, including sensitive information, about individuals, and other parties related
to our insurance activities, because it is principally:
a) necessary for the performance of or to take steps for an individual to enter into a contract
of insurance; or
b) it is necessary for compliance with a legal obligation; or
c) it is necessary to protect the vital interests of a data subject or another person; and
d) necessary for our own legitimate interests or those of other controllers or third parties (e.g.
to search anti-fraud databases and sanctions lists, monitor emails, calls and other
communications for audit purposes or for market research, analysis and developing
statistics) except where such interests are overridden by the interests, rights or freedoms of
the data subject.

These bases include, providing an insurance quotation, arranging and placement of a policy or
underwriting facility, and providing administration through-out the lifecycle of an insurance
arrangement, as well assisting with making a claim.

In certain circumstances, such as when a quotation is requested, or changes are made to an existing
policy, or at each renewal of an insurance arrangement, any or all of our assessment may involve an
automated decision to determine whether we are able to provide an insurance arrangement.
Individuals can object to us using an automated decision (see the ‘Individual Rights’ section) however
in those situations it may prevent us from being able to provide you with insurance.

When processing personal data for profiling purposes, we will ensure appropriate safeguards are in
place, ensuring:
a) processing is fair and transparent and provides meaningful information about the logic
involved, as well as the significance and the envisaged consequences;
b) use appropriate mathematical or statistical procedures for the profiling;
c) appropriate technical and organisational measures are in place to enable inaccuracies to be
corrected and minimise the risk of errors; and
d) secure your personal data in a way that is proportionate to the risk to your interests and
rights and prevents discriminatory effects.

We will also use your information when there is a justifiable reason for doing so, such as compliance
with legal obligation, for example, for the prevention and detection of fraud and financial crime, which
may include processes which profile you; and for the recording and monitoring of telephone calls for
auditing and training reasons.

We will share information, including sensitive information, about you and other parties related to this insurance where it is necessary for:

a) the performance of or to take steps for you to enter into a contract of insurance; or
b) compliance with a legal obligation; or
c) protecting your vital interests; or
d) our own legitimate interests or those of other controllers or third parties; and
e) a task carried out in the public interest or for an exercise of an official authority (e.g. a regulatory body).

This includes sharing your information within the Jensten Group and carefully selected third parties providing a service to us or on our behalf, which includes our Insurance Providers (you can write to our Compliance Department should you wish to view a list of all the insurance companies with which we have arrangements).

What we will not do with your information
Unless required to do so by law, or for other similar reasons, other than those outlined (see ‘Sharing
your information’) we will never otherwise share personal information without a legal basis or without
ensuring the appropriate care and necessary safeguards are in place; we will, in any other event, ask
for your consent to share that information and explain the reasons.

We will only keep and / or maintain information about an individual for as long as is necessary in
providing our products and services or for compliance with a legal or regulatory obligation, including
our legitimate interests or that of a controller where we are the processor.

This means we will only keep information that is necessary so that we can sufficiently deal with
administrative issues, queries, claims and / or for compliance with legal reasons; usually we will keep information for a minimum retention period of 7 years and / or maximum period of 40 years, after
cessation of a product or service we have provided.

However, we will keep information for much shorter periods if that information related merely to a
quotation which did not then result in a contract of insurance being arranged; in these circumstances
we will keep information for a minimum retention period of 12 months and or maximum period of 18
months unless such information becomes manifestly out-of-date in which case we may keep
quotation information for shorter periods.

In any event, all information shall be stored in strict compliance with the GDPR legislation at all times;
and using appropriate technical or organisational measures we will regularly:

a) review the length of time we keep and or maintain information about you;
b) consider the purpose or purposes why we hold the information about you in deciding
whether (and for how long) to retain it;
c) securely delete information about you that is no longer needed for this purpose or these
purposes; and
d) update, archive or securely delete information about you if it goes out of date.

Sensitive Data
In carrying out our duties as Data Controller and Data Processor we will collect special category data,
which we refer to as “sensitive information” or “sensitive data”, about you, and other parties related
to this insurance because it is necessary for:
a) the performance of or to take steps for you to enter into a contract of insurance;
b) compliance with a legal obligation;
c) protecting your vital interests;
d) our own legitimate interests or those of other controllers or third parties; or
e) a task carried out in the public interest or for an exercise of an official authority (e.g. a
regulatory body)

Where there is no other legitimate or legal basis for collecting sensitive data, we will only collect and
process this with your consent. Where you have provided sensitive personal data by consent, you have
the right to withdraw your consent for that specific processing at any time. If you exercise this right,
we will cease to process your sensitive personal data for the purposes for which consent was originally
given.

What we mean by sensitive data includes information falling into the following categories:
a) about an individual’s health including medical conditions;
b) motoring or other criminal convictions;
c) racial or ethnic origin or religious beliefs;
d) political opinions and trade union membership;
f) genetic or biometric data; and
g) sex life or sexual orientation.

We will always apply additional organisational and technical measures for this category of data,
including restrictions to access this data (this is where data may be secured with additional layers of
security to prevent misuse and protect personally identifiable information).

Use and storage of your information overseas
We will transfer, store, or process information about you or an individual, within the European
Economic Area (EEA) and in the UK (outside the EEA). In the event that we are compelled to transfer your information outside the EEA, for example, because it is processed by our UK branch office, or is an insurance arrangement with an Insurance Company which is outside the EEA or part of a larger group of companies which pass information outside the EEA it shall be in compliance with the
conditions for transfer set out in the GDPR and / or restricted to a country which is considered to have
adequate data protection laws. All reasonable steps shall typically have been undertaken to ensure
the firm to which information is being transferred has suitable standards in place to protect such
information.

Using our Website and Cookies
Cookies are operated in strict accordance with the General Data Protection Regulations and, in the
UK, with the Data Protection Act 2018 and Privacy and Electronic Communications Regulations 2011
(PECR). Cookies are widely used by many websites and primarily enable the website to remember an
individual’s preferences, recording information the individual may have entered into the web pages.

Please refer to our section headed ‘Cookies’ for further information.

Individuals have a number of rights relating to the information we hold. These rights include, but are not limited to:

1. a) receiving a copy of the personal information we hold (once requested, we have a maximum of one month to give an individual such information);
   b) rectification of personal information if it is inaccurate or incomplete;
   c) requesting the deletion or removal of an individual’s personal data where there is no compelling reason for its continued processing or suppressing processing of an individual’s personal data. When processing is restricted, we are permitted to store the personal data, but not carry out further processes. We will retain sufficient information about the individual to ensure that the restriction is respected in future (see ‘Marketing’);
2. d) objecting to certain uses of an individual’s personal information (see ‘Marketing’);
   e) in certain circumstance to not be subject to a decision when it is based on automated processing; and / or it produces a legal effect or a similarly significant effect on an individual;
   f) withdrawing any permission you or an individual may have previously provided; and
   g) complaining to the Hamburgusche Beauftragte fur Datenschutz und Informationsfreiheit (HmbBfDI) at any time if you or an individual is not satisfied with our use of such information.

Individuals can request a copy of the personally identifiable information we hold by contacting us about them, including the right to have such information in a portable form ‘a right to data portability’ so we will normally, not only provide the information free of charge (however we may apply a charge where information requests are excessive) but we will provide that information in a format that is easily accessible, sometimes in a CSV format, should an individual require it in that format to ensure information can be exchanged easily with other organisations.

If you would like further information or wish to make a Subject Access Request (SAR) you can e-mail DPO@jensten.co.uk or write to our Compliance Department, Tasker Brokers (Europe) GmbH (UK Branch Office), Beaufort House, 15 St. Botolph Street, London EC3Z 7BB.

When marketing to you as an individual (including individual sole traders and partnerships), we will either rely on the permission we have, if we are able to do so, or we will ask for your permission (consent) to contact you, including the means to contact you, such as by phone, or e-mail, push notifications, SMS text, or post, to tell you about;

a) new products or services we have or are developing which we think may be of interest to you;
b) trialling products and services which we think may improve our service to you or our business processes;
c) offer you rewards; and
d) enter you into a competition.

We will typically ask for permission when you first contact us, however, you will maintain the right to easily withdraw such consent whenever you wish (unsubscribe). We will regularly review any such consent to check that your relationship with us and any processing including the purposes have not changed.

In all situations where we market to a business, we will observe both the market standards and relevant rules and guidelines relating to Privacy and Electronic Communication.

We have in place such a process to ensure we refresh your consent at appropriate intervals, including any parental, or third-party consents (where relied upon) and act on withdrawals of consent (requests to unsubscribe) as soon as we can and not penalise you if you choose not to give or later decide to withdraw your consent.

Research and analysis
Personal information we hold may be converted into statistical or aggregated data (this is data which cannot be traced back to an individual) to produce or undertake statistical or analytical research and development work, which may be shared with our Group companies, to enable us to provide suitable insurance arrangements to the insurance market now and in the future.

We may continue using personally identifiable information we may hold, specifically relating to an individual’s past insurance arrangements or policies, after cessation of any insurance arrangement with us for further processing (e.g. research and analysis).

TBE Privacy Notice v1.0 – April 2022

Hohe Bleichen 8, 20354, Hamburg, Germany

Group Companies
Our Group companies operate under a number of trading names including: Jensten Insurance Brokers; Jensten Brokers Europe; Travel Risk Professionals

For more information on the Jensten Group companies please visit www.jensten.co.uk

Cookies
When visiting our website, you will be asked to accept a cookie, which is a small file of letters and numbers that is downloaded on to your computer when you visit any of our group of companies’ websites. This will be clearly explained to you when you visit the website and you will typically have to accept the cookie to benefit from the services the website can offer.

Cookies are operated in strict accordance with the General Data Protection Regulations (and, where applicable, the UK Data Protection Act 2018 and Privacy and Electronic Communications Regulations 2011 (PECR)) and are widely used by many websites and primarily enable the website to remember an individual’s preferences, recording information the individual may have entered into the web pages.

These same rules also apply if any individual accesses or uses any other type of technology to gain access to information stored electronically by us, for example, an online quote facility or app using a smartphone or similar portable device.

Google Analytics – This cookie is provided by Google, and we use them on our websites in order to analyse how visitors use our website, thereby helping us to improve our websites.

Google Analytics collects information in an anonymous form, including the number of visitors to our websites, how visitors have arrived at our websites, and which pages on our website the visitors have viewed.

You may refuse to accept cookies by activating the setting on your browser that allows you to reject cookies. However, if you select such a setting, this may affect the functioning of our websites. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you access or log on to our websites.

Further information about google analytics can be found here:
https://support.google.com/analytics/answer/6004245
More Information
You can find more information regarding data protection regulations relevant to our branch locations
at the following websites:
In Germany – https://datenschutz-hamburg.de/
In the UK – https://ico.org.uk/
TBE Privacy Notice v1.0 – April 2022