Statement of Data Protection and Privacy Policies
Guernsey International Insurance Association (‘GIIA’ or “the Association” or “we” or “us”)
This Statement of our Data Protection and Privacy Policies explains how we collect, use, disclose, transfer and store your personal information. It also details your rights under the Data Protection (Bailiwick of Guernsey) Law 2017 (“the Law”). GIIA is committed to protecting the privacy of people whose personal data we are obliged to collect as a not-for-profit association of members. We fully endorse and adhere to the Law and to the Principles of the EU General Data Protection Regulation. We regard the lawful and appropriate treatment of personal information as very important to our successful operations, and essential to maintaining confidence between the Association and those with whom it carries out business. These include but are not limited to
- Members and former members
- those who use our services (including parties who are not actually members)
- contractors, consultants and service providers
- contacts, business partners and visitors to our website
Please note that throughout this Privacy Statement the word “website” refers to any web page hosted under our www.giia.gg domain.
As GIIA has collected your data it is designated as a Controller of Personal Information under the Law. If you have any questions about any aspect of this statement please contact us at [email protected]
We don’t collect or harvest personal data through our website for statistical or marketing purposes. However, our server may record your IP address data together with the date, time and duration of your visit. You are not required to provide any personal information to access public areas of our website. If your initial communication with us is via the details on our “Contact Us” page, depending on the nature of your enquiry or request, we may add the information you supply to our contact database.
We only retain information that is necessary for the purposes set out in this Statement. We use personal information which we have collected from you in order to:
- provide you with a full and effective service
- communicate with you in connection with any services that we are providing as an Association to you
- ensure compliance with regulatory requirements and applicable law
- carry out our administrative purposes
We only collect, use and otherwise process information revealing racial or ethnic origin, political opinions, religious beliefs or relating to your health or sexual orientation or otherwise (which is designated by applicable data protection laws as a “sensitive” or “special” category of personal information) where and to the extent that you have given your explicit consent, unless we are otherwise permitted or required under applicable data protection laws.
We will not usually send out direct marketing communications other than informing you of updates or upcoming events. As set out in the Your Rights section below, where you have given us your consent to send you marketing communications you may withdraw that consent at any time by unsubscribing to our circulations on the website or contacting us via [email protected]
In the event of a re-organisation, change in structure, or transfer of all or part of our business, we reserve the right to transfer all our data, including personal information, to a new entity or to third parties through which our business will then be carried out. We will use all reasonable efforts to notify you of such change by posting details on www.giia.gg via an email, sent to the email address you provide.
The Association has business relationships with third parties and in some instances, we may disclose your personal information to them where this is necessary to perform the services for which you have engaged us, or in furtherance of an outsourcing or other data processing arrangement. In those circumstances we will ensure that the third party is contractually bound to process personal information only in accordance with applicable data protection laws and with our specific instructions and requirements, and at all times in a manner that protects your rights under applicable data protection law. We will only disclose your information where you have given your consent or where we are required to do so by law, or where it is necessary for the purpose of, or in connection with legal proceedings or in order to exercise or defend legal rights.
As part of those transfers of information, personal data may be transferred to or accessed from countries whose laws provide a level of protection for personal data which may not always be equivalent to the level of protection that may be provided in your own country. In particular, if your personal information is transferred to a country outside of the EEA, we ensure that cross border transfers comply with all relevant laws and regulations.
Unless you have expressly consented to the transfer of personal information, or the transfer is necessary for the performance of the services for which we have been engaged or the conclusion or performance of a contract concluded in your interests, or the transfer is otherwise permitted by applicable data protection laws, we will only transfer your personal information to a country that is deemed to have an adequate level of protection under the applicable data protection law, or where we have put in place adequate safeguards to protect the personal information.
In particular, where we send your personal information outside the EEA, we will only do so where the recipient of the information is subject to binding corporate rules, standard data protection clauses approved under applicable law, an approved code of conduct or an approved certification mechanism.
We will only retain your personal information for so long as there is a reasonable need to do so for the purposes set out in this Statement, or as required by applicable law.
GIIA is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use, or disclosure. These systems are constantly under review and we use the most appropriate technologies available from time to time.
Our email messages sometimes include links to other websites which are not within our control. Once you have left our email message, we cannot be held responsible for the content of other websites or the protection and privacy of any information which you provide to those websites. You should exercise caution and look at the privacy statement applicable to the website in question.
Your Rights under the Law
You have various rights in respect of the personal information that we collect, use, disclose and transfer concerning you, which are set out below. Should you wish to exercise your rights please contact us at [email protected]
Right of Access
You are entitled to obtain from us details concerning the processing of your personal information. This includes details of the data being processed, the purposes of the processing, any recipients of that information, the period for which the information is processed, the source of the information (if it is not provided by you), any international transfers of the information and the protections we put in place to protect your information. You are also entitled to details of any automated decision making, including profiling, involving your information (although the Association does not currently use such technologies). You are entitled to a copy of the personal information we process about you (including in electronic form). Additional copies may be subject to a reasonable administrative fee.
Right to Rectification
You are entitled to have any incomplete and inaccurate personal information held by us rectified.
Right to Erasure
In certain circumstances you are entitled to have personal information erased, including: where this is no longer necessary for the purposes for which it was collected and/or processed, or you withdraw consent to our use of the information. We may continue processing the information in certain circumstances, including if there are grounds other than consent for processing the information, where processing is in compliance with a legal obligation or for reasons of public interest, or for the exercise or defence of legal claims. If you request that we erase your personal information we shall advise you if we consider that there are on-going grounds permitting us to continue processing your information.
Right to Restrict Processing
You can ask us to restrict the processing of personal information we hold about you if you contest the accuracy of that personal information, consider that the processing is unlawful but you do not want us to erase the information, you wish the information to be retained in connection with a legal claim, or you have objected to the grounds upon which we process the information. Where you have asked us to restrict processing the information we shall only hold, process and erase the information as permitted by you or as permitted by applicable data protection laws. We will advise you if we do not agree with your request to restrict processing and our reasons.
Right to Data Portability
Where you provide personal information to us and consent to us using it and the processing is carried out by automatic means you are entitled to receive a copy of that information in a machine-readable format and for that to be provided to another data controller, where technically possible. The Association does not currently use automatic data processing technologies.
Right to Object
You are entitled to object to GIIA collecting, using and otherwise processing your personal information. We will cease processing your personal information unless we are legitimately processing the information on a legally required or permitted basis, there are compelling legitimate grounds for continuing to process the personal information, or we are otherwise permitted to process the information under applicable data protection laws. If this is the case, we will advise you of the basis upon which we continue to process your personal information. If you are not clear of the grounds upon which we collect, use and process your personal information you can ask us to confirm this to you, as part of the Right of Access set out above.
Right to Withdraw Consent
Where you have given us consent to make use of your personal information for any of the purposes outlined in this Statement you are entitled to withdraw that consent. You may do this by emailing us at [email protected]
Right to Complain
In the event that you have any questions, concerns or complaints regarding this Privacy Statement or the manner in which the Association collects, uses and otherwise processes your personal information we will always seek to address them promptly and to your satisfaction. However, if you consider that we have not done so you are entitled to lodge a complaint to your local supervisory authority. If you are unclear who the appropriate supervisory authority is for you, please contact us at [email protected]
This Statement may be updated from time to time. The current version is available to view or download from our website at www.giia.gg any questions in relation to this privacy statement should be sent to [email protected]