Privacy & Data Protection

Privacy Policy
At AXIS, we routinely collect and use personal information about individuals, including insured persons, claimants or business partners. We take our responsibilities to handle your personal data with care very seriously, and protecting the privacy of your personal data is of great importance to us. In this Privacy Policy, we want you to understand when, why and how we collect and use personal information about you, your rights regarding this information, the conditions under which we may disclose it to others and how we keep it secure.
Important: This Privacy Policy does not supersede the terms of any insurance policy or contract you have with AXIS, nor does it limit or affect any rights you have under applicable data protection regulations.

Who collects your personal information?
The AXIS Capital Group is a group of companies that operate in various jurisdictions around the world. The AXIS entity that originally collected information from you will be principally responsible for managing your personal information. If you have an insurance policy with us, this will be the AXIS entity named on that policy.

To find out the identity of any AXIS company that collects personal information about you as part of providing insurance coverage, check:

If you purchased the policy yourself, the AXIS company or your broker (if purchased through a broker) will provide you with the details of the AXIS company.

If your employer or other third party purchased the insurance for your benefit, contact your employer or third party to obtain details of the AXIS company.

If your personal data is transferred to another entity (for example, a reinsurer or third-party claims administrator), contact your AXIS insurer for details on the other entity.
What type of personal information do we collect about you?

The types of personal information we collect about you depends on your relationship with AXIS. 

If you are an Insured Person or Potential Insured, we collect personal information of the policyholder, prospective insured, and related individuals in order to determine eligibility for, underwrite, and administer insurance policies. In some instances, we may need to collect sensitive personal information, such as information about your medical and criminal history.

If you are a claimant making a claim under an AXIS policy, we may need to collect your contact information, as well as information about your claim and previous claims. We may also need to collect sensitive personal information, depending on the nature of your claim. 

if you are a business partner, we will collect your business contact details.

The types of personal and sensitive personal information we may collect include:

  • Name, address, phone number, email
  • Gender
  • Marital status
  • Date and place of birth
  • Government identification numbers: national insurance, social security, passport, tax, driver's license
  • Family information
  • Banking information
  • Health information/medical history
  • Criminal history
  • Credit history and credit score
  • Claims/policy numbers

Click HERE for further details on the types of information we collect.

How do we collect information about you?

If you are an insured or potential insured, we collect information from you or your representative through the policy application process. We may also collect information about you from your family members or employer, credit reference agencies, anti-fraud databases, sanctions lists, and relevant government agencies, including public registers or databases as well as credit reference organizations.

 

If you are a claimant, we will collect information about you when you notify us of a claim, or if the claim is made by someone with a close relationship to you or who otherwise has authority to make a claim on your behalf. We may also collect personal information about you from others who are involved in the claim, including lawyers, witnesses, experts, and adjusters. Finally, we may consult other public sources to validate the claim or protect against fraud or other financial crime.

 

If you are a business partner, we will collect information about you when you or your company provides that information to us as part of the business relationship.

Why do we collect your personal information?

We may collect your personal information for the following purposes:

 

If you are an insured or potential insured:

  • Account setup, including background checks
  • Evaluating risks to be covered
  • Risk modeling and underwriting
  • Customer service communications
  • Payments to/from individuals
  • Direct marketing
  • Complying with legal or regulatory obligations

 

If you are a claimant:

  • Managing insurance or reinsurance claims
  • Defending or prosecuting legal claims
  • Investigating or prosecuting fraud
  • Complying with legal or regulatory obligations

 

If you are a business partner:

  • Managing our business relationship with you
How do we protect your personal information?

We will only use your personal information where we are satisfied that:

  • where required, you have provided your consent to use your data in the appropriate manner
  • we must use your personal information to perform a contract – for example, to manage your insurance policy with us
  • we have a legitimate interest as a business to use your personal information – for example, to improve our products
  • If we are required to collect sensitive personal information about you, we will make sure we have the right to do so.

Typically, the right will arise from:

  • your explicit consent to collect and use the information
  • an insurance-specific exemption provided by regulations enacted by specific European Union (EU) member states, permitting the collection and use of such sensitive personal information
  • our need to establish, exercise, or defend your legal rights as an insured or claimant, or the rights of AXIS.

Please Note: If you provide explicit consent to our collection of sensitive personal information, you may withdraw this consent to this collection and use at any time. However, your withdrawal of consent may prevent us from providing you with appropriate insurance services, and in certain circumstances it may not be possible for insurance coverage to continue. If you choose to withdraw your consent, we will inform you of the possible consequences and effects, including cancellation of your policy.

Where does your personal information go?

We may need to transfer your personal information to third parties or to AXIS offices outside the European Economic Area (EEA), to help manage our business and delivery of services to you. The third parties may include:

 

For insureds or potential insureds:

  • Brokers
  • Other insurers or reinsurers
  • Service providers who supply back office support
  • Regulators, including the Financial Conduct Authority (FCA), Information Commissioners’ Office (ICO), or Prudential Regulation Authority (PRA)
  • Credit reference agencies
  • Foreign law enforcement agencies

 

For claimants:

  • Third-Party Administrators
  • Adjusters and other claims experts
  • Service providers who supply back-office support
  • Outside legal counsel
  • Credit reference agencies
  • Foreign law enforcement agencies

 

Whenever it is necessary to transfer your personal information to our affiliates, agents or contractors located outside of the EEA, we will take appropriate steps to ensure that such transfer adequately protects your rights and interests.

 

We will only transfer your personal information to countries recognized as providing an adequate level of legal protection, or where we are satisfied that protections are in place to properly protect your privacy rights.


Transfers within AXIS entities are covered by intra-organizational agreements that provide specific requirements designed to ensure your personal information receives adequate protection whenever it is transferred within AXIS.


Transfers to our service providers and business partners are protected by contractual agreements that also require an adequate level of data protection.

How long do we keep your information?

We will keep your personal information only so long as is necessary to provide service to you under your policy, or for the purposes described above. Specifically, we will keep your information for so long as a claim may be brought under the policy, or where we are required to keep your personal information to satisfy legal or regulatory obligations.

 

In some cases, we may keep your personal information for longer periods of time, in order to maintain accurate records in the event of future complaints, challenges, or litigation regarding your policy, claims, or other issues that may arise.

 

Once your personal information is no longer required, it will be securely deleted.

Your Rights

You have certain rights in relation to how AXIS collects and uses your personal information. To exercise any of these rights, please contact us as set forth below.  Your rights include:

 

Right to Access – you may:

  • confirm whether we are collecting and using your personal information
  • obtain a copy of your personal information from AXIS
  • obtain additional information about your personal information, including:
    • what information we have
    • how we collect your information
    • how we use it
    • to whom we disclose it
    • whether we transfer it outside the EEA, and how we protect it
    • how long we keep it
    • your rights
    • how you can make a complaint


Right to Rectify
– you may ask us to correct personal information that is inaccurate.

 

Right to Erasure – you can ask us to erase your personal information only where:

  • it is no longer needed for the purposes for which it was collected
  • you have withdrawn consent that you explicitly provided
  • it was unlawfully processed
  • you have an appropriate Right to Object (see below)

AXIS must comply with a legal obligation to erase the personal information.

AXIS is not required to erase your personal information if continued collection and use of it is necessary:

  • to comply with a legal obligation
  • to establish, exercise or defend legal claims of the company or our insureds.


Right to Restrict Use
– you can ask us to restrict the use of your personal data only where:

  • you contest its accuracy, in order to give us the opportunity to verify and correct it
  • its collection and use is unlawful, but you do not want it erased
  • it is no longer needed for the purposes for which it was collected, but is still needed to establish, exercise, or defend legal claims
  • you have exercised the right to object and that decision is pending.

We may continue to use your personal information where:

  • you consented to its use, and have not withdrawn that consent
  • we must use it to establish, exercise, or defend legal claims
  • we must use it to protect the rights of another person.


Right to Data Portability
– you can ask that we provide your personal information to you in a structured, portable format, or that your personal information be directly transferred to another company, but only if our collection and use of that information:

  • is based on your consent, or on the performance of a contract with you
  • is carried out by automated means.


Right to Object
– you can object to the collection and use of your personal information for which AXIS uses “legitimate interest” as its basis for collection, if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you object, we have the opportunity to demonstrate that our legitimate interests are compelling enough to override your rights and freedoms.

 

Right to File Complaint – you can file a complaint with your local supervisory authority regarding our collection and use of your personal information.

 

International Transfers – you can ask for information on the protections under which your personal information is transferred outside of the EEA. We may redact certain portions of this information for reasons of commercial sensitivity.

 

Subject Access Requests Administration: the following may apply to your request regarding your personal information:

  • We will respond to all valid requests within thirty days.
  • You will not be charged a fee when we process your request. We reserve the right to charge a reasonable fee if your request is unfounded, repetitive or excessive.
How to Contact Us

Please address all inquiries, requests, and other communications regarding your personal information or this Privacy Policy to:

Contact: Data Protection Officer

Email: dpo@axiscapital.com

Address: 71 Fenchurch Street, London, EC3M 4BS

Phone: +44 20 7877 3907