Rosemont Terms and Conditions and GDPR Privacy Notice
Rosemont Terms and Conditions and GDPR Privacy Notice
This privacy notice describes how we collect and use your personal information, in accordance with the General Data Protection Regulation (‘GDPR’).
Data Controller
Name: Rosemont Insurance Company Limited
Address: 2nd Floor, Samuel Harris House, 5-11 St Georges Street, Douglas, Isle of Man
As a "data controller" we are responsible for deciding how we hold and use any personal information you supply to us in relation to your Insurance Contract with us.
Rosemont has appointed an administrator in the Netherlands to collect premium and handle claims on its behalf: Harmony Financial Services B.V. See www.harmony.nl for more information.
Joint Data Controller
Rosemont contracts with Thomas Miller Captive Management Limited (‘TMCM’) to conduct Insurance Services. Where TMCM collect personal data in their capacity of Joint Data Controller, See www.thomasmiller.com privacy notice for more information.
Why we collect your personal information
We will collect, store, and use categories of personal information about you either directly from you or through third parties such as retail stores for the following purposes:
- 1. Administering and processing your insurance contract including your name, address date of birth and information about your banking details for the processing of your direct debit payments.
- 2. To comply with legal or regulatory obligations.
Lawful Bases
We rely on the following lawful bases for processing your data:
- In performance of a contract in order to supply insurance services.
- Legitimate interests of both Rosemont and the insured.
- Compliance with legal obligations which Rosemont is subject to in relation to Anti-Money Laundering laws.
Data retention
Rosemont takes the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees, administrator or service provider in the proper performance of their duties. We will only hold your personal information for the length of time it takes to fulfil the purposes we collected it for, including any legal, regulatory, accounting, or reporting requirements.
Your rights
You have certain rights as an individual which you can exercise in relation to the information we hold about you by contacting the Isle of Man Information Commission. If you make a request to exercise any of your rights, we reserve the right to ask you for a proof of your identity. We aim to acknowledge your request as soon as possible.
You have the following rights:
- The right to access
You are entitled to a confirmation whether we are processing your data, a copy of your data, and information about purposes of processing, who do we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where we got your data from and how you can make a complaint.
- The right to rectification
If you believe the personal information we hold about you is inaccurate or incomplete, you can request for it to be rectified.
- The right to erasure
If you believe the personal information is no longer necessary for the purposes for which it was collected, you may request your data to be deleted. However, this will need to be balanced against other factors, for example there may be certain regulatory obligations which mean we cannot comply with your request. One of the following cases must apply:
- The personal data is no longer necessary for the purpose which you originally collected or processed it for;
- Legitimate interests is the basis for processing your personal data, the individual objects to the processing of their data, and there is no overriding legitimate interest to continue this processing;
- The data has been processed unlawfully (i.e. in breach of the lawfulness requirement of the 1st principle);
- The right to restriction of processing
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
- Its accuracy is contested, to allow us to verify its accuracy; or
- The processing is unlawful, but you do not want it erased; or
- It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- You have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
- The right to data portability
You can request from us to transfer your personal information to provide it to another third party of your choice.
- The right to object
You have the right to object at any time to processing of your personal data where processing is necessary for the performance of a task carried out in the public interest, or in the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms, in particular where you are a child.
Complaints
If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements you can make a complaint to relevant Data Protection Authority. Our Lead Authority within the European Union is the Isle of Man Information Commissioner’s Office https://www.inforights.im/complaint-handling/how-to-make-a-complaint-to-the-information-commissioner/data-protection-complaints-2018/