Who collects your personal data?

AXIS is a group of companies that operate in various jurisdictions around the world. The AXIS entity that originally collected data from you will be principally responsible for managing your personal data (“Data Controller”) and will be responsible for deciding how your personal data will be held and used.

To find out the identity of any AXIS company that collects personal data about you as part of providing insurance coverage, check:

  • If you submitted an application for a vacant role at AXIS, the AXIS company you applied to will provide you with the details of the AXIS company.
  • If your CV has been shared with us by a recruitment agency, contact the agency for details of the AXIS company your personal data has been submitted to.

AXIS companies that receive your personal data each constitute a separate Data Controller, each of which is responsible for deciding how it holds and uses your personal information.

AXIS is subject to different European data protection laws in the various jurisdictions in which it operates.

  • The EU GDPR applies to data collected by an AXIS entity located within the EU and/or data held by an AXIS entity located outside the EU, where that entity has collected data from or about you while you were located within the EU.
  • The UK GDPR applies to data collected by an AXIS entity located within the UK and/or data held by an AXIS entity located outside the UK, where that entity has collected data from or about you while you were located within the UK.
  • The Swiss Federal Act on Data Protection (FADP) applies to data collected by an AXIS entity located within Switzerland and/or data held by an AXIS entity located outside Switzerland, where that entity has collected data from or about you while you were located within Switzerland.

What type of personal data do we collect about you?

We process personal data you or the recruitment agency provide us, which may include the following categories of information:

  • Age and date of birth (not applicable in the UK)
  • Application form, CV and interview notes
  • Brief description of job titles and duties performed in your past roles
  • Documentation confirming your right to work in the UK
  • Government identification numbers – e.g. national insurance,, passport, tax, driver’s license
  • Offer letter and proposed contract between you and AXIS
  • Personal contact details (including name, address, email, telephone number)
  • Professional memberships and qualifications
  • References and details of previous employers
  • Results of the following recruitment tests: numerical, verbal, capability

and the following categories of special category personal data:

  • Marriage or civil partnership status
  • Criminal History
  • Data revealing race, religious beliefs or sexual orientation
  • Health data including disability information

Where we will process special category personal data about you, we shall apply safeguards in accordance with the applicable data protection legislation.

How do we collect data about you?

Your personal data will come from you during the recruitment process and may also come from the following sources:

  • Background check providers may provide us with personal data including spent and unspent convictions, police records of convictions, cautions, reprimands and warnings, previous names, date and place of birth and gender
  • Credit reference agencies may provide us with personal data including your date of birth, passport details, sex, nationality, credit scores and details of previous bankruptcy
  • Former employers or other referees, whom you have given us permission to contact, may provide us with personal data and information regarding past employment
  • Medical professionals may provide us with personal data concerning any medical conditions or medical causes of concern
  • Professional bodies that confirm membership / qualifications / training may provide us with the following personal data such as grade of qualification received, date of birth, name and surname
  • Recruitment agencies may provide us with personal data including your name, CV, contact and address details

If you would like more information on the source of your personal data, please contact the Data Protection Officer (DPO).

Why do we collect data about you?

We collect your personal data for the following purposes:

  • Check you are legally entitled to work in the UK or other jurisdiction where AXIS operates
  • Consider reasonable adjustments to the recruitment process for disabled applicants
  • Contact you regarding the recruitment process and any offer of work
  • Determine the terms of any potential contract between you and us
  • Establish whether you can undergo an assessment which forms part of the application process
  • Establish whether you will be able to carry out a function that is intrinsic to the particular work
  • If you have accepted an offer of work from us that is subject to checks: Assess your fitness to work via a health questionnaire or medical report, carry out background checks, carry out credit checks, confirm your professional memberships, registrations and / or qualifications, take up references (from referees whom you have given us permission to contact)
  • Make a decision about your recruitment or appointment, including assessing your skills, qualifications and suitability for the work

Our legal basis for processing your personal data

Where we process your personal data for the purposes set out above, we generally rely on one or more of the following legal bases.

For all personal data:

  • Performance of a contract – we must use your personal data to enter an employment contract with you
  • Legitimate interests – we have a legitimate interest in using your personal data to select suitable employees
  • Legal obligation – we must use your personal data to comply with our legal or regulatory obligations – for example, in relation to carrying out background checks

It may be necessary for us to process some special category personal data in order to comply with legal or regulatory obligations (such as making reasonable adjustments for clients with disabilities), or if we need to do so in order to seek confidential legal advice or establish or defend legal claims. We will also use your special category personal data, where appropriate, on the following specific bases:

  • Employment, social security and social protection – it is necessary to use your special category data to perform or exercise obligations or rights which are imposed or conferred by law connection with employment, social security or social protection
  • Equality of opportunity or treatment - it is necessary to use your special category data to identify or keep under review the existence or absence of equality of opportunity or treatment between groups of people within AXIS
  • Health or social care purposes - it is necessary for us to use your special category personal data for the purposes of preventive or occupational medicine, or assessing your working capacity
  • Racial and ethnic diversity at senior levels of organisations - it is necessary to use your special category data to promote or maintain diversity in the racial and ethnic origins of individuals who hold senior positions within AXIS
  • Statutory and government purposes - it is necessary to use your special category data to complete background checks when you are offered a position at AXIS

Further information on the purpose for processing your personal data and the legal bases we rely on are included in the table at the bottom of this Privacy Notice.

How long do we keep your personal data?

We will retain your personal data in accordance with our retention policies and, in any case, for no longer than necessary to comply with legal or regulatory requirements. Retention periods for personal data are reviewed periodically and the periods for storage specified in it may alter depending on changes to law and regulation, best practice and similar matters.

It may be necessary for AXIS to suspend any planned destruction or deletion of personal data where legal or regulatory rules require that we preserve the data, or where proceedings are under way which require the data to be retained until those proceedings have finished. For example, data that relates to litigation or is reasonably foreseeable to be relevant for litigation purposes must be retained until that litigation is completed.

If you would like more information on the source of your personal data please contact the DPO.

Where does your personal data go?

We may need to transfer your personal data to third parties or to other AXIS group companies, to help manage our business and delivery of services to you. The third parties may include:

  • Health and safety executive
  • Health professionals and occupational health providers involved in your care
  • Legal counsel
  • Other entities in AXIS group
  • Other third parties as necessary to comply with the law
  • Potential or actual purchasers of the business, or other third parties in the context of a possible sale or restructuring of the business
  • Service providers (including IT service providers and those involved in providing benefits in connection with your employment or engagement)

Transferring your personal data outside the EU

We may transfer your personal data to other companies in our group and our suppliers in the United States, Canada, Bermuda, India, Singapore, Dubai, and the Philippines. We do this for management purposes, reporting activities on company performance for regulatory or statutory purposes, in the context of a business reorganisation or group restructuring exercise, and for system maintenance support and hosting of data.

Whenever it is necessary to transfer your personal data to other companies of the group, agents or contractors located outside the EEA, we will take appropriate steps to ensure that such transfer adequately protects your rights and interests.

We will only transfer your personal data to countries recognized as providing an adequate level of legal protection, or where we are satisfied that protections are in place to properly protect your privacy rights.

Transfers between AXIS companies are covered by intra-organizational agreements that provide specific requirements designed to ensure your personal data receives adequate protection whenever it is transferred within AXIS.

Transfers to our service providers and business partners are protected by contractual agreements approved by the European Commission or by the UK Information Commissioner’s Office. Before transferring your data to our service providers, we ensure they can provide adequate level of data protection.

Automated decision-making

We do not make any decision about you based solely on automated processing (i.e. without human intervention), which have a legal or similarly significant effect on you.

Your Rights

You have certain rights in relation to how AXIS collects and uses your personal information. To exercise any of these rights, please contact in the first instance the AXIS entity that originally collected the data from you as set forth below. Your rights include:

Right to Access – you may:

  • Confirm whether we are collecting and using your personal data
  • Obtain a copy of your personal data from AXIS
  • Obtain additional information about your personal data, including:
  • What data we have
  • How we collect your data
  • How we use it
  • To whom we disclose it
  • Whether we transfer it outside the EEA, and how we protect it
  • How long we keep it
  • Your rights
  • how you can make a complaint

Right to Rectify – you may ask us to correct personal data that is inaccurate.

Right to Erasure – you may ask us to erase your personal data only where:

  • It is no longer needed for the purposes for which it was collected
  • You have withdrawn consent that you explicitly provided
  • It was unlawfully processed
  • You have an appropriate Right to Object (see below)
  • AXIS must comply with a legal obligation to erase the personal data.
  • AXIS is not required to erase your personal data if continued collection and use of it is necessary:
  • To comply with a legal obligation
  • To establish, exercise or defend legal claims of the company or our insureds.

Right to Restrict Use – you may ask us to restrict the use of your personal data only where:

  • You contest its accuracy, in order to give us the opportunity to verify and correct it
  • Its collection and use is unlawful, but you do not want it erased
  • It is no longer needed for the purposes for which it was collected, but is still needed to establish, exercise, or defend legal claims
  • You have exercised the right to object and that decision is pending.
  • We may continue to use your personal data where:
  • You have consented to its use, and have not withdrawn that consent
  • We must use it to establish, exercise, or defend legal claims
  • We must use it to protect the rights of another person.

Right to Data Portability – you may ask that we provide your personal data to you in a structured, portable format, or that your personal data be directly transferred to another company, but only if our collection and use of that information:

  • Is based on your consent, or on the performance of a contract with you
  • Is carried out by automated means.

Right to Object – you may object to the collection and use of your personal data for which AXIS uses “legitimate interest” as its basis for collection if you believe your fundamental rights and freedoms outweigh our legitimate interests. Once you object, we have the opportunity to demonstrate that our legitimate interests are compelling enough to override your rights and freedoms.

Right to information about automated processing – you may ask for information regarding the logic involved, as well as the significance and the envisaged consequences of such processing.

Right to File Complaints – you may file a complaint with your local supervisory authority regarding our collection and use of your personal data.

Local supervisory authorities for AXIS companies are set out below. We also provide below details of the EU representatives (for UK-based AXIS companies) and UK representative (for EU -based AXIS companies):

AXIS CompanyLocal Supervisory AuthorityEU Representative
AXIS UK Services Limited (formerly Novae Management Limited)ICONot applicable
AXIS Re SEDPCNot applicable
AXIS Specialty Europe SEDPCNot applicable

International Transfers – you may ask for information on the protections under which your personal data is transferred outside of the EEA. We might redact certain portions of this data for reasons of commercial sensitivity.

The following may apply to your request regarding your personal data:

  • We will respond to all valid requests within one month of receipt.
  • You will generally not be charged a fee when we process your request.

We reserve the right to charge a reasonable fee if your request is manifestly unfounded or excessive or you ask us for further copies of information already provided.

How to Contact Us

Please address all inquiries, requests, and other communications regarding your personal data or this Privacy Notice to:

Contact: Data Protection Officer Email: [email protected] Address: 52 Lime Street, London EC3M 7AF Phone: +44-20-7877-3800

Published: 18 March 2024 v2.1

Appendix to AXIS Recruitment Privacy Notice (Europe)

Data marked * in the table below is ‘special categories of personal data’

PURPOSEPERSONAL INFORMATION PROCESSEDLEGAL BASIS FOR PROCESSINGWE MAY DISCLOSE TO OR SHARE WITH:
Applicants
Check you are legally entitled to work in the UK or other jurisdiction where AXIS operates

Documentation confirming your right to work in the relevant country

Personal contact details (including name, address, email, telephone number)

To enter or carry out the contract

To comply with a legal obligation

Other third parties as necessary to comply with the law
Consider reasonable adjustments to the recruitment process for disabled applicants

Personal contact details (including name, address, email, telephone number)

Health data including disability information

To enter a contract

To comply with a legal obligation

For our legitimate interests (To select suitable employees, and contractors)

For special categories of data:

Employment, social security and social protection

Health and safety executive

Health professionals and occupational health providers involved in your care

Other entities in AXIS group

Other third parties as necessary to comply with the law

Contact you regarding the recruitment process and any offer of workPersonal contact details (including name, address, email, telephone number) To enter a contract To enter a contract

Other entities in AXIS group

Service providers (including IT service providers and those involved in providing benefits in connection with your employment or engagement)

Determine the terms of any potential contract between you and usOffer letter and proposed contract between you and AXISTo enter a contractOther entities in AXIS group
Establish whether you can undergo an assessment which forms part of the application process

Personal contact details (including name, address, email, telephone number)

Professional memberships and qualifications

Health data including disability information*

To enter a contract

To comply with a legal obligation

For our legitimate interests (To select suitable employees, and contractors)

For special categories of data:

Employment, social security and social protection

Health or social care purposes

Other entities in AXIS group
Establish whether you will be able to carry out a function that is intrinsic to the particular work

Personal contact details (including name, address, email, telephone number)

Professional memberships and qualifications

Health data including disability information

To enter a contract

To comply with a legal obligation

For our legitimate interests (To select suitable employees, and contractors)

For special categories of data:

Employment, social security and social protection

Health and safety executive

Health professionals and occupational health providers involved in your care

Other entities in AXIS group

Other third parties as necessary to comply with the law

If you have accepted an offer of work from us that is subject to checks:

Assess your fitness to work via a health questionnaire or medical report

Carry out background checks (where applicable)

Confirm your professional memberships, registrations and / or qualifications

Take up references (from referees whom you have given us permission to contact)

References and details of previous employers

Professional memberships, registrations and qualifications

Correspondence and results regarding the following background checks: financial checks, due to regulatory requirements, past employment references

Results of credit check

Criminal history

Health data including disability information

To enter a contract

To comply with a legal obligation

For our legitimate interests (To select suitable employees, and contractors)

For special categories of data:

Employment, social security and social protection

Statutory and government purposes

Health and safety executive;

Health professionals and occupational health providers involved in your care

Other entities in AXIS group

Other third parties as necessary to comply with the law

Service providers (including IT service providers and those involved in providing benefits in connection with your employment or engagement)

Make a decision about your recruitment or appointment, including assessing your skills, qualifications and suitability for the work

Application form, CV and interview notes

Brief description of job titles and duties performed in your past roles

Personal contact details (including name, address, email, telephone number)

Professional memberships and qualifications

References and details of previous employers

Results of the following recruitment tests: numerical, verbal, capability

Criminal History

To enter a contract

For our legitimate interests (To select suitable employees, and contractors)

For special categories of data:

Employment, social security and social protection

Racial and ethnic diversity at senior levels of organisations

Statutory and government purposes

Other entities in AXIS group