Privacy notice

What is the purpose of this document?

United Insurance Brokers (DIFC) Ltd. (“UIB (DIFC) Ltd.”, we, our or us) is committed to protecting the privacy and security of the personal information that we process in the conduct of our business. This privacy notice describes how we may collect and use personal information about you.

Data protection principles

All personal information we hold about you will be:

  1. used lawfully, fairly and in a transparent way;
  2. collected only for valid purposes that we have clearly explained to you, and not used in any way that is incompatible with those purposes;
  3. relevant to the purposes we have told you about, and limited only to those purposes;
  4. accurate and kept up to date;
  5. kept only as long as necessary for the purposes we have told you about; and
  6. kept securely.

The kind of information we hold about you

Personal data, or personal information, means any information about you from which you can be identified. It does not include data where your identity has been removed.

There are certain special categories of more sensitive personal data (sometimes known as special categories of data) which require a higher level of protection (see below).

We may collect, store, and use the following categories of personal information about you:

  • individual details: name, address (and proof of address), other contact details (e.g. email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history;
  • identification details: identification numbers issued by government bodies or agencies depending on the country you are in, social security or national insurance number, passport number, ID number, tax identification number, driver’s licence number;
  • financial information: bank account number and account details, income and other financial information.

 

We may also collect, store and use the following categories of sensitive personal information about you:

  • health data as it relates to your work for us, including current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g. smoking or consumption of alcohol, prescription information, medical history);
  • criminal convictions, including driving offences;
  • credit history and credit score, information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies;
  • marketing data; and
  • details of your visits to our websites and information collected through cookies and other tracking technologies, including your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

How is your personal information collected?

We typically collect personal information from various sources, including (depending on the country you are in):

  • individuals and their family members, online, or by telephone, or in written correspondence;
  • individuals’ employers or trade or professional associations of which they are members;
  • credit reference agencies;
  • anti-fraud databases and other third party databases, including sanctions lists;
  • government agencies, such as vehicle registration authorities and tax authorities; and
  • business information and research tools.

How we will use information about you

We will only use your personal information as the law allows. Most commonly, we will use your personal information in the following circumstances:

  1. where we need to perform a contract we have with you;
  2. where we need to comply with a legal obligation;
  3. where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.

 

We may also use your personal information in the following situations, which are likely to be rare:

  1. where we need to protect your interests (or someone else’s interests);
  2. where it is needed in the public interest, to comply with a legal obligation, or for official purposes.

Situations in which we will use your personal information

We will only collect, use or otherwise process the information in the lists above (see The Kind Of Information We Hold About You) for one or more of the following business purposes:

  1. Entering into and performing agreements with suppliers, investors, joint venture partners and other business partners.
    This involves processing personal data necessary to enter into and perform agreements with suppliers, investors, joint venture partners and other business partners.
  2. Relationship management and marketing.
    This purpose addresses activities such as maintaining and promoting contact with existing and prospective suppliers, investors, joint venture partners and other business partners, and the development, execution and analysis of market surveys and marketing strategies for the UIB group of companies.
  3. Business process execution, internal management and management reporting.
    This purpose addresses activities such as managing company assets, conducting internal and external audits and investigations, finance and accounting, implementing business controls, provision of central processing facilities for efficiency purposes, managing mergers, acquisitions and divestitures, and processing personal data for management reporting and analysis.
  4. Health, safety and security.
    This purpose addresses activities such as those involving safety and health, the protection of UIB group company and employee assets, and the authentication of supplier, investor, joint venture partner and other business partner status and access rights.
  5. Compliance with legal obligations.
    This purpose addresses processing personal data necessary to comply with a legal or regulatory obligation to which a UIB group company is subject.
  6. Protection of individuals’ vital interests.
    This is where processing is necessary to protect the vital interests of an individual. Your personal data may be processed for a different legitimate business purpose (a secondary purpose) from the purpose for which the personal data was originally collected (the original purpose) only if the original purpose and the secondary purpose are closely related. Depending on the sensitivity of the personal data in question and whether using your personal data for the secondary purpose has potential negative consequences for you, when processing the personal data for a secondary purpose UIB will take additional measures to protect your interests where necessary. We are generally free to process personal data for one or more of the following secondary purposes:

 

  1. to transfer the personal data to an archive;
  2. for internal audits and investigations;
  3. to implement business controls;
  4. for dispute resolution, or legal or administrative proceedings; or
  5. insurance purposes.

 

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Change of purpose

We will only use your personal information for the purposes for which we collected it as described above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will set out the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How we use particularly sensitive personal information

Where you are providing us with information about a person other than yourself, you agree to notify them of our use of their personal data and to obtain their consent for us to that use.

Individuals may withdraw their consent to processing at any time by contacting the UIB (DIFC) Ltd. Data Protection Representative using the contact details set out in the Queries and Complaints section below.

Do we need your consent to use your sensitive personal information?

We do not need your consent if we use your sensitive personal information to carry out our legal obligations, or in exercise of specific legal rights.

In limited circumstances, we may approach you for your written consent to allow us to process your sensitive personal data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You are not obliged to give your consent and we cannot make you consent, or penalise you if you refuse to consent.

Right to withdraw consent

As described above, in some cases we only collect, process or transfer your personal information if you consent to the specific processing in question, and then you have the right to withdraw that consent at any time.

To exercise that right in any case you should contact our Data Protection Representative. Once we learn from you that you have withdrawn your consent we will no longer process your information for the purpose or purposes you originally agreed to, unless the law allows to do so for another reason.

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:

  • where we have notified you of the decision and given you 21 days to request us to reconsider it;
  • where it is necessary to perform our contract with you and appropriate measures are in place to safeguard your rights;
  • in limited circumstances with your explicit written consent, and where appropriate measures are in place to safeguard your rights.


If we make an automated decision on the basis of any sensitive personal information, either we must have your explicit written consent, or taking the decision automatically must be in the public interest, and we must also put in place appropriate measures to safeguard your rights.

We do not make decisions in this way. If this changes we will let you know.

Data sharing

We may need to share your data with others, including external service providers and other companies in the UIB group.

We require everyone to whom we give your data to keep it securely and to treat it as the law requires.

We may transfer your personal information outside the European Economic Area.

If we do, you can expect a similar degree of protection in respect of your personal information as you have from us.

Why might you share my personal information with others?

We may share your personal information with others where required by law, where it is necessary to administer the business relationship we have with you, or where we have another legitimate interest in doing so.

How secure is my information in the hands of others?

All our external service providers and other UIB group companies are required to take appropriate security measures to protect your personal information. We do not allow our external service providers or other UIB group companies to use your personal data for their own purposes. We only let them process your personal data for specified purposes, and as we tell them.

Do you share my personal information with anyone else?

We may share your personal information with other people. We may also need to share your personal information with the Financial Conduct Authority of the United Kingdom, other regulators, or to comply with the law.

Transferring information outside the EEA

We will only ever transfer your personal information outside the European Economic Area in compliance with our Data Protection Policy.

Data security

We have put in place measures to protect the security of your information. These are set out in our Data Protection Policy.

Others will only process your personal information for specified purposes and as we tell them, and where they have agreed to treat the information confidentially and keep it secure.

We have put in place security measures to prevent your personal information from being:

  • accidentally lost;
  • used or accessed in an unauthorised way;
  • altered; or
  • disclosed.

Keeping us informed

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us via our Data Protection Representative whose contact details are set out below.

Your rights in connection with personal information

In certain circumstances, by law you have the right:

  • to request access to your personal information. In that way you can get a copy of the personal information we hold about you and check that we are processing it lawfully;
  • to ask us to correct any inaccurate or incomplete personal information that we hold about you;
  • to ask us to delete or remove personal information where there is no good reason for us to keep it;
  • to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
  • to object to us processing your personal information where our basis for the processing is that we (or someone else) have a legitimate interest to do so, and there is something about your particular situation which makes you want to object to the processing taking place on this basis;
  • to ask us to suspend our processing of your personal information, for example if you want us to show you that the information is accurate, or why we are processing it;
  • to ask us to transfer your personal information to someone else.

 

If you want:

  • to review, verify, correct, or ask us to delete your personal information; or
  • to object to us processing your personal information; or
  • to ask us to transfer your personal information to someone else

 

You may do so at any time. Please address your request to our Data Protection Representative whose contact details are set out below.

What we may need from you when you send us a subject access request

If you send us a subject access request we will usually respond within a month. Before we do so, we need to ask you for information to help us confirm your identity and to make sure that the right to access your information (or to exercise any of your other rights) is a proper request being made by you and not by anyone else (so that no one gets to see personal data that does not belong to them). This process could lead to a delay before we can reply fully to you.

No fee usually required

In most cases there is no fee for you to pay to access your personal information (or to exercise any of your other rights described in this notice). But if your request for access is unfounded or excessive we may then choose either to charge you a reasonable fee, or refuse to comply with your request.

Right to withdraw consent

As described above, in some cases we only collect, process or transfer your personal information if you consent to the specific processing in question, and then you have the right to withdraw that consent at any time.

To exercise that right in any case you should contact our Data Protection Representative whose contact details are set out below. Once we learn from you that you have withdrawn your consent we will no longer process your information for the purpose or purposes you originally agreed to, unless the law allows to do so for another reason.

Contact details

We have appointed Sophia Xuereb as our Data Protection Representative (‘DPR’) to help us comply with our data protection obligations, including those set out in this privacy notice.

If you have any questions about this privacy notice, or about how we handle your personal information, please contact our Data Protection Representative, on +971 (4) 365 1000 or by email addressed to DPR@uibgulf.com.

You may also at any time complain to the Commissioner, as appointed by the President of the DIFC.

Changes to this privacy notice

We will update this privacy notice when necessary. We may also notify you in other ways from time to time about the processing of your personal information.

If you have any questions about this privacy notice, please contact our Data Protection Representative.

BACK TO HOME
DOWNLOAD PDF

UIB (DIFC) Ltd.

Regulated by the Dubai Financial Services Authority F000198.
Registered in DIFCA No. 0211 – CL0211.

Registered Address

Suite 306, Level 3
Gate District Building 3
Dubai International Financial Centre
United Arab Emirates
P.O. Box 506533

CONTACT US

Useful Links

© 2022 United Insurance Brokers DIFC Ltd. All Rights Reserved. Website by Sumner & Co.

Visit UIB Group website.