Protecting your privacy is very important to us.
We are committed to:
This Business privacy notice explains how and why PartnerRe Ltd, its subsidiaries and affiliates (“PartnerRe”, “we” or “us“) collect and use personal data when we provide our services as a reinsurance business. A full list of all PartnerRe entities is available at http://partnerre.com/about-us/offices/.
In this privacy notice:
you or your, refers to:
There are other terms in bold with specific meanings. Those meanings can be found here.
PartnerRe Ltd. is a leading global reinsurer that helps insurance companies reduce their earnings volatility, strengthen their capital and grow their businesses through reinsurance solutions. Risks are underwritten on a worldwide basis through the PartnerRe‘s three segments: P&C, Specialty, and Life and Health.
Reinsurance is insurance that is purchased by an insurance company. Insurance companies may choose to purchase reinsurance in order to pass on part of their risks from insurance contracts to reinsurers, to actively manage their insured portfolio, be able to fulfil their obligations to indemnify under their insurance relationships and to remain solvent after major claims events, such as major disasters like hurricanes and wildfires. The insurance company that purchases the reinsurance policy is called a “ceding company” or “cedent” or “cedant” under most arrangements. The company issuing the reinsurance policy is referred simply as the “reinsurer“. When a reinsurer purchases insurance from a further reinsurer, this is called retrocession and the further reinsurer is referred to as the retrocessionaire.
In order to obtain reinsurance or retrocession, information, including your personal data, needs to be shared between different insurance market participants.
PartnerRe is committed to safeguarding that information.
This privacy notice is designed to provide compliance with the EU General Data Protection Regulation (GDPR). This privacy notice is also designed to provide compliance with the California Consumer Privacy Act (CCPA) and other applicable U.S. state data privacy/protection acts.
Where relevant applicable local regulations require stricter standards than those described in this privacy notice, we will ensure compliance with those stricter standards.
If applicable law provides for a lower level of protection of personal data than that established by this privacy notice, then this privacy notice shall prevail.
The type of personal data we collect and process includes any of the below (where permitted by law):
|Types of Personal data
|Name, address (including proof of address), other contact details (e.g. email addresses and telephone numbers), gender, marital status, date and place of birth, age, nationality, height and weight, leisure activities and interests
|Your family health or morbidity history, number of children and name, age and gender of children, your dwelling type
|Identification numbers issued by government bodies or agencies, including your social security number (or local equivalent), passport number, tax identification number and driving license number
|Employment and experience information
|Your employment history, employer, job role, salary, employment benefit options, educational background and any professional licenses and qualifications
|Bank account or payment card details, income, investment/savings or other financial information including household income, home valuation and household demographics
|Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data. For certain types of policy, this could also include telematics data.
|Information about the quotes you receive and policies you take out
|Credit and anti-fraud data
|Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you
|Previous and current claims
|Information about previous and current claims, (including other unrelated insurances), which may include data relating to your health, criminal convictions (but only where it is lawful to collect this data), or other special categories of personal data and in some cases, surveillance reports
|Special categories of personal data
|Certain categories of personal data which have additional protection under the GDPR. The categories are health (such as your and your family medical history, genetic test results and information, prescription history, death certificate and reports on medical diagnoses, tests and treatment), criminal convictions (but only where it is lawful to collect this data), racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric (fingerprint and voiceprint), or data concerning sex life or sexual orientation
We collect your personal data from various sources, including:
Which of the above sources apply will depend on your particular circumstances.
With the exception of a Business Partner’s employee, we do not normally collect personal data from you directly. There might be instances where certain tools allow for data supplied by you directly to the insurer to be automatically provided to us. We also collect personal data if you voluntarily supply it to us, for example by sending us an email.
We use your personal data primarily only to the extent that it is necessary for the purposes of reinsurance, and only for the purpose for which it was originally collected and any other permissible, related purpose:
The list above also indicates, by numbers at the end of each category corresponding to the list in the section below “WHAT ARE THE LEGAL BASES ON WHICH WE USE YOUR PERSONAL DATA?”, the legal basis for which we process your personal data (depending on the circumstances). Some of the bases for processing will overlap and there may be several grounds which justify our use of your personal data.
We are committed to processing your personal data fairly and lawfully and only to the extent necessary to achieve the purposes listed above.
We must have a legal basis to process your personal data. In most cases, our ability to obtain and process your personal data is based on one of the following legal bases:
|For processing personal data
|Where consent is legally required to process your personal data, your insurance provider (or the organization that collected your personal data) will obtain consent from you.
|2. Compliance with a legal obligation
|Processing is necessary for compliance with our legal obligations, such as due diligence and reporting obligations, and responding to requests from our regulators.
|3. For our legitimate business
|Processing is necessary for our legitimate business interests as a data controller and reinsurer to provide our services to clients, to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, to maintain accurate records, and your interests and fundamental rights do not override those interests.
|For processing special categories of personal data
|Where consent is legally required to process special categories of your personal data, your insurance provider (or the organization that collected your personal data) will obtain consent from you.You are free to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal by contacting the organization that collected your personal data. Withdrawal of this consent will however prevent us from continuing to provide the services to the insurance market participant and thus indirectly to you.
|5. For legal claims
|Processing is necessary for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity.
|6. Local law authorization
|Processing is otherwise authorized by local law.
|7. For statistics
|Processing is necessary for compiling (re)insurance specific statistics, analytics and actuarial calculation (for example for the development of new products, tariffs).
We share your personal data with third parties under the following circumstances:
PartnerRe group companies. We operate as a global business, so we share your personal data with group companies who use this data for the purposes described in this privacy notice.
Insurance market participants and financial institutions. We share your personal data with insurance market participants, financial institutions and business partners that use your personal data in connection with the provision of insurance and processing of claims.
Service providers. We share your personal data with service providers that perform services and other business operations for us, for example, IT and analytics providers, medical specialists and hospitals, actuarial service entities, auditors and advisers.
Any law enforcement agency, court, regulator, government authority or professional body. We share your personal data with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
Asset purchasers/ mergers and acquisitions. We share your personal data with any third party that purchases, or to which we transfer, all or substantially all of our assets and business or with whom a restructuration transaction is contemplated. Should such a sale or transfer or restructuration occurs, we will use reasonable efforts to try to ensure that the entity to which we transfer your personal data uses it in a manner that is consistent with this privacy notice.
We transfer your personal data to recipients located in countries outside the European Economic Area (EEA). These countries’ data protection laws may not offer the same level of protection for personal data as offered in the EEA.
Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections as EEA data protection laws. In such cases, EU data protection laws allow PartnerRe to freely transfer your personal data to such countries.
When we transfer your personal data to other countries outside the EEA (except in case where we send your personal data back to the third party who first shared it with us as part of the same contractual relationship), we establish legal grounds for such a transfer, mainly in the form of standard contractual clauses or other legal grounds permitted by applicable legal requirements.
To regulate intra group personal data transfers, PartnerRe has executed a master data transfer agreement. For more information on the appropriate safeguards in place, please contact us at the details contained in the “Contact us about data protection” section below.
The time for which we retain your personal data depends on the type of information and the purposes for which we use it. We retain your personal data pursuant to a retention schedule that is designed to keep personal data only for so long as is necessary and for a reasonable period thereafter to allow us to investigate, commence or defend legal claims brought by or against us or our clients, comply with our regulatory obligations and conduct analysis.
We securely destroy personal data when they are no longer needed for the aforementioned purposes and its retention period has expired. In some circumstances we retain aggregated or anonymised data which can no longer be associated with you and is not treated as personal data under this privacy notice.
To support us in managing how long we hold personal data and our record management, we maintain a data retention policy which includes clear guidelines on retention and deletion.
We consider the following criteria when determining how long a particular record will be retained, including any personal data contained in that record:
The same personal data about you may be included in more than one record and used for more than one purpose, each of which may be subject to different retention periods based on the factors listed above.
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal data we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal data. We evaluate these measures on a regular basis to ensure the security of the processing.
We collect your Personal data and compile the information received about you to analyze and predict aspects concerning your personal characteristics (such as but not limited to risk, behavior, preferences) as an insurance buyer, claimant or beneficiary of an insurance cover. We automatically process your Personal data using software.
Automated decision making
We currently do not take any automated decisions that will affect your ability to obtain or claim for insurance cover with an insurance company. Nevertheless, your Personal data may be used to derive profiles as described above. These profiles may become the basis of automated decision making.
(Residents of California and other U.S. states with specific comprehensive privacy laws shall refer to “Your rights under state-specific privacy laws”)
If you have any questions in relation to the use of your personal data or would like to exercise any of the following rights, you should first contact the data protection contact of the relevant participant (as specified under IDENTITIES OF DATA CONTROLLERS SECTION). Under certain conditions, you have the right to ask us to:
In certain circumstances, we need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
This section is meant to provide supplemental or specific information for residents of California and certain other U.S. states regarding how we collect personal data and your rights regarding that information under respective state privacy laws.
How we collect personal data about you
The personal data we collect about you may include data within the categories below. These categories are defined by California law. Where we collect this data, the purposes for which we process it, and how we have disclosed personal data to third parties in the past 12 months are consistent with how we treat other data under this privacy notice as described above. We do not necessarily collect all data listed in a particular category, nor do we collect all categories of data for all individuals.
We have also shared data in each of the following categories with our affiliates and service providers for our business purposes within the last 12 months. As a reinsurance company, we may receive requests for data from regulatory authorities, our auditors and/or our legal advisors. If requested from such parties, we would share your personal data as appropriate.
We do not sell your personal data or share your personal data for “cross-contextual behavioral advertising,” as such term is defined under California law. We also do not sell or share your personal data for “targeted advertising”, as such term is defined under relevant state laws.
Depending on the circumstances, we may collect and process the following personal data about you:
We also collect what the California Consumer Privacy Act, and other state privacy laws, refer to as “sensitive personal data” (even though as with personal data more broadly, the California Consumer Privacy Act may not apply at all times). This data can include:
Your rights under state-specific privacy laws
Depending on your state of residence, and subject to certain exceptions as set forth by law, you (or an authorized agent acting on your behalf) may have the right to ask us to:
You may also have the right to receive the details/data you request in a portable and readily usable format.
Depending on your residency, these rights may not apply to pseudonymous data if the information necessary to identify the consumer is kept separately and is subject to controls that prevent access to the information. Pseudonymous data is personal data that can no longer be attributed to a specific individual without the use of additional information, if the additional information is kept separately and is subject measures to ensure that personal data is not attributed to the specific individual.
Data solely retained for data backup or archive purposes is principally excluded from these rights until it is restored to an active system or next accessed or used for a sale, disclosure, or commercial purpose.
Any disclosure(s) we make pursuant to your request under this Section will cover only data we collect and maintain on or after January 1, 2022.
In certain circumstances, we need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).
You have the right not to receive discriminatory treatment from us for exercising the rights conferred to you under the respective state privacy law.
If you would like to exercise any of the above state-specific rights, you (or an authorized agent acting on your behalf) can e-mail us at [email protected], or call us at 1-800-261-3164.Depending on where you reside, you may be entitled to make either one or two requests per calendar year, free of charge. You will be charged a fee for subsequent requests exceeding this limit. Under applicable privacy law, and for the protection of your personal data, we may be limited in what personal data we can disclose.
Upon receipt of a request from you exercising any of the above-listed rights, we will need to verify your identity. To do so, we will send you a pre-assessment form within 10 business days of receiving your request. Such pre-assessment form will, among other things, request certain contact information and ask that you certify that you are either the consumer whose personal information is the subject of the request or the authorized representative of such consumer.
If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights in YOUR RIGHTS or Your rights under state-specific privacy laws, or if you think that we have breached the GDPR or any other applicable data privacy law or regulation, then you may have the right to appeal our decision or complain to your local supervisory authority (i.e. the supervisory in the jurisdiction where you live or work) or the supervisory authority of the jurisdiction where you believe an infringement of data protection laws has occurred. Each supervisory authority may have a different process for lodging complaints so we encourage you to contact the relevant supervisory authority first to check this.
The insurance lifecycle involves the sharing of your personal data between insurance market participants, some of which (like us) you will not have direct contact with. In addition, your personal data may not have been collected directly by an insurance market participant. You can find out the identity of the initial data controller of your personal data within the insurance market life-cycle in the following ways:
Where your personal data is processed in connection with the services provided by PartnerRe under an engagement with an insurance market participant, the relevant PartnerRe entity that has entered into such engagement with the relevant insurance market participant shall be the controller in respect of the personal data.
If you have questions or concerns regarding the way in which your personal data has been processed, please contact our Data Protection Officer at [email protected] or call or write to us.
Wellesley House South
90 Pitts Bay Road
Phone: +1 441 292 0888
3rd Floor, The Exchange
Phone: +353 1 637 9600
200 First Stamford Place
Stamford, Connecticut 06902
Phone: +1 203 485 4200
For all other postal addresses, please see https://partnerre.com/.
We modify or update this privacy notice from time to time.
This privacy notice has been updated on June 30, 2023.
If we make changes to this privacy notice, we will update the date it was last changed and publish the revised privacy notice on our website.
Key insurance terms:
Beneficiary is an individual or a company that an insurance policy states may receive a payment under the insurance policy if an insured event occurs. A beneficiary does not have to be the insured/policyholder and there may be more than one beneficiary under an insurance policy.
Business partners: insurance market participants, lawyers, medical experts, accountants, auditors, loss adjusters, individual representative of corporate service providers, etc.
Claimant is either a beneficiary who is making a claim under an insurance policy or an individual or a company who is making a claim against a beneficiary where that claim is covered by the insurance policy.
Quotation is the process of providing a quote to a potential insured/policyholder for an insurance policy.
Insurance is the pooling and transfer of risk in order to provide financial protection against a possible eventuality. There are many types of insurance. The expression insurance may also mean reinsurance.
Insurance policy is a contract of insurance between the insurer and the insured/policyholder.
Insurance market participant(s) or participants: is an intermediary (broker), insurer, reinsurer, TPA, MGA, MGU, etc.
Insured/policyholder is the individual or company in whose name the insurance policy is issued. A potential insured/policyholder may approach an intermediary to purchase an insurance policy or they may approach an insurer directly or via a price comparison website.
Insurers: (sometimes also called insurance company or underwriters) provide insurance cover to insured/policyholders in return for premium. An insurer may also be a reinsurer.
Intermediaries (brokers) help policyholders and insurers arrange insurance cover. They may offer advice and handle claims. Many insurance and reinsurance policies are obtained through intermediaries.
MGA is a Managing General Agent and in insurance defined legally as an individual or business entity appointed by an insurer to solicit applications from agents for insurance contracts or to negotiate insurance contracts on behalf of an insurer and, if authorized to do so by an insurer, to effectuate and countersign insurance contracts.
MGU in insurance stands for Managing General Underwriter, which is used in life and health companies instead of managing general agent (MGA). The terms are used interchangeably, and there is little real distinction.
Premium is the amount of money to be paid by the insured/policyholder to the insurer in the insurance policy.
Reinsurers provide insurance cover to another insurer or reinsurer. That insurance is known as reinsurance.
TPA is a Third-Party Administrator, which is an organization that processes insurance claims or might administer other services such as underwriting, customer service, etc.
We, us or our refers to PartnerRe Ltd, its subsidiaries and affiliates.
you or your, refers to
Key data protection terms:
CCPA is the California Consumer Privacy Act of 2018, which regulates the collection, possession and sale of consumers’ personal data by businesses.
GDPR is the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
Personal data is any information relating to an identified or identifiable natural person ‘data subject’; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. For California residents, it also includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular household.
Sensitive personal data is:
(1) Personal data that reveals:
(A) A data subject’s social security, driver’s license, state identification card, or passport number.
(B) A data subject’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
(C) A data subject’s precise geolocation;
(D) A data subject’s racial or ethnic origin, religious or philosophical beliefs, or union membership.
(E)The contents of a data subject’s mail, email, and text messages unless the business is the intended recipient of the communication.
(F) A data subject’s genetic data.
(2) (A) The processing of biometric information for the purpose of uniquely identifying a data subject.
(B) Personal data collected and analyzed concerning a data subject’s health.
(C) Personal data collected and analyzed concerning a data subject’s sex life or sexual orientation.
(3) Sensitive personal data that is “publicly available” is not be considered sensitive personal data.