Risk Assurance Management Limited (RAM) is a Lloyd's Coverholder authorised by the Corporation of Lloyd's of London to arrange certain insurances at Lloyd's. RAM is regulated by the Financial Conduct Authority.
RAM is registered as a Data Controller and transacts business in accordance with the General Data Protection Regulations (GDPR). As a registered Data Controller responsibilities are placed on RAM to ensure that personal data of all types is properly managed and protected and that all aspects of the legislation is complied with at all times.
At the commencement of any group insurance with RAM, the Proposer is required to sign a declaration within the Proposal Form:-
- Acknowledging the use by RAM of any information provided, for the purpose of the insurance in connection with the processes of underwriting, administration, claims management, handling of customer concerns and the detection, prevention and investigation of fraud.
- Acknowledging that the information may be shared with other insurers, reinsurers, insurance intermediaries and service providers who are involved in either the operation of insurance which covers employees or the employee benefit arrangements provided by RAM.
- Acknowledging that the data will be processed fairly and securely in accordance with the GDPR and the details will be stored on computer but will not be kept for longer than necessary.
- Confirming that the data in relation to the insurance has been obtained and passed to RAM in accordance with the requirements of the GDPR.
During the administration of new proposals and the administration of completed contracts strict procedures are in place to ensure the confidentiality of information provided to RAM for the purpose of the insurance. RAM is required by our regulator the Financial Conduct Authority to maintain accurate records and information is retained but only for as long as required by regulation, legislation or necessary business purposes.
As a Data Controller RAM complies with the key principles of the GDPR being:-
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
Personal data should be processed lawfully, fairly and in a transparent manner in relation to individuals;
Data should be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
The data processed should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
The data should be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay;
Data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
Data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Under the GDPR, individuals have a right to access the personal data we hold on them. Further information on how to make a Subject Access Request, and our policy detailing how we handle these requests can be found here.
Further information in respect of how we process the data we hold can be found with our Data Privacy Notice here.
Further information on our Data Breach Policy can be found here.
Further information on our Information Security Policy can be found here.
For any other queries in respect of GDPR and your data please contact us at email@example.com