The privacy and security of your personal information is important to us. We want to assure you that your information will be properly managed and protected whilst in our hands. It continues to apply even if your agreement for the provision of insurance services with us ends and should be read in conjunction with the terms and conditions of your policy. Any consents and authorisations that were provided by you in relation to your information shall continue to apply in full force and effect, to the extent permissible by applicable law.
The term “you” or “your” means you, any person authorised by you to act as your representative, named insureds, claimants, beneficiaries and any third parties involved in an insurance policy or claim. It relates to our use of any personal information we collect through various means, such as email, telephone, in person or other third-party sources including insurance intermediaries. It also relates to personal information we collect from you via online services such as any Thomas Smith Group website that links to this Policy (“Websites”), social media or TSIA content on other websites, mobile device and similar applications (“Apps”).
The information we collect and how we collect it
We may receive personal information about you, when you contact TSIA or an insurance intermediary for example by doing any of the following:
- Requesting or obtaining a quote for one of our products from us or from an insurance intermediary
- Purchasing a TSIA product from us or from an insurance intermediary
- Using the Websites and Apps
- Creating a quikprotect account
- Entering TSIA competitions
- Telephoning, texting, writing by post or email, or communicating via online channels, to TSIA or when you visit our offices or intermediaries or when we visit you
- Making a claim
This information may include:
- Basic personal details such as your name, address, e-mail address, telephone number, date of birth or age, gender, marital status
- Additional information about your lifestyle and insurance requirements, such as details of your car, your home, your household, your health, or your travel arrangements
- Information about your other policies, such as claims and/or loss history, quotes history, payment history, claims data
- Sensitive personal information such as health information (for example alcohol consumed, recreational drug use, tobacco use, current or previous medication, current state of health, previous or existing conditions, family or personal history in relation to some conditions) or disclosures about previous unspent criminal convictions
- Your IP address
- Footage from CCTV, dashcams or similar equipment
- Information about your employment
- National Identity Card or Passport Number and
- Your marketing preferences
Your car: we may collect vehicle registration details and data about your car from publicly available sources and from Transport Malta.
Your property and / or home: we may collect information about your home from you and from publicly available sources, our trusted third parties and from information already held by TSIA about your property.
Information from other sources
Information we collect could be either supplied by you or a person you have appointed to supply us with this information. We can also generate information about you for example which insurance intermediaries you use or cookies or similar technologies used to recognise you and remember your preferences. Information can also be collected from other sources such as due diligence and sanctions checks or fraud prevention platforms as well as publicly available sources of information.
Information may at times be provided to us by other insurers or an insurance intermediary or from other parties involved in your insurance policy or claim such as your employer where your insurance policy is being purchased through or by them.
To ensure we have the necessary facts to assess your insurance risk, verify your identity, to help prevent, detect and suppress fraud and to provide you with our best premium options, we may obtain information relating to you from third parties at quotation inception and renewal and in certain circumstances where policy amendments are requested or at claims stage.
We may obtain information about you from medical professionals. We will seek your permission to contact these people for your information.
We may obtain information about you from third party suppliers and third-party databases, such as other insurers or insurance intermediaries or fraud prevention databases to detect, suppress and prevent fraudulent activity.
Personal information about others
We may collect information about other members of your household or family or individuals to be covered under a policy, for example, family members who may drive your car or persons who may be included on a travel or health insurance policy or who may be beneficiaries under any policy.
If you give us information about another person, it is your responsibility to ensure and confirm that:
- to make them aware of any terms and conditions contained in the relevant insurance policy.
How we use your personal information
The data you provide will be used by us for:
- Administration of quotes and policies, including to:
- improve your experience by reducing the number of questions we need to ask you
- assess your application for a product, service or quote,
- understand your risk so as to offer you our best terms
- verify your identity and carry out anti-fraud checks,
- provide you with premium options,
- administer your policy including updating you on and delivering our services,
- handle claims
- deal with complaints
- Insurance underwriting purposes i.e. to examine the potential risk in relation to your (and/or a third party’s) prospective policy so that we can:
- Consider whether to accept the relevant risk and at what price;
- Make decisions about the provision and administration of insurance and related services for you (and other persons covered);
- Validate your (or any person or property likely to be involved in the policy or claim) claims history (at any time including upon application for insurance, in the event of an accident or a claim, or at a time of renewal).
- Management Information purposes. To analyse insurance and other markets for the purposes of:
- Portfolio and risk assessment;
- Performance and management reporting;
- Compliance with legal and contractual obligations and responsibilities.
- Claims management – In the event of a claim we may need to disclose information with any other party involved in that claim such as third parties involved in the incident, their insurer, legal advisors or representatives, medical experts, the police or other investigators as well as reinsurers. We also may have to investigate your claims and criminal conviction history.
- Complaints management – If you make a complaint about the service we have provided, we may be obliged to forward details about your complaints, including your personal information, to the Arbiter for Financial Services.
We may use your information to allow us to detect and prevent fraudulent applications and claims.
Information about your insurance policy will be added to the database controlled by Transport Malta and the data stored therein may be used by certain authorised bodies including the police, the Motor Insurers’ Bureau (MIB) and other bodies permitted by law. This information may be used for purposes permitted by law, which include but are not limited to:
- Continuous insurance enforcement
- Law enforcement (prevention, detection, apprehension and/or prosecution of offenders)
- The provision of government services and/or other services aimed at reducing the level and incidence of uninsured driving.
If you are involved in a road traffic accident (either in Malta, the European Economic Area or certain other territories), insurers and/or the MIB may search the database to obtain relevant information. Persons (including his or her appointed representative) pursuing a claim in respect of a road traffic accident (including citizens of other countries) may also obtain relevant information which is held on the database.
Under your policy you must tell us about any incident (such as an accident or theft or any loss you may have suffered) which may or may not give rise to a claim. When you tell us about an incident, we may pass information relating to it to fraud prevention databases and can include details such as your name, address, identity card or passport number and date of birth together with details of any injury arising from a claim. This information may be used for the purpose of preventing, detecting or suppressing insurance fraud.
Your data may be supplied to other insurers or insurance intermediaries in order to facilitate no claim discount validation checks.
Fraud prevention and detection
Please note that if you give us false or inaccurate information it may invalidate your insurance policy/prospective insurance policy or it could affect the amount we pay to settle any claims you make under the policy.
In order to prevent, detect suppress and/or prosecute fraud we may at any time:
- share information about you with other organisations and public bodies;
- undertake credit searches and additional fraud searches;
- check and/or file your details with fraud prevention agencies and databases, and if you give us false or inaccurate information and we suspect fraud, we will record this.
We may search these fraud prevention databases when you apply for insurance, in the event of any incident or claim, or at time of renewal to validate your claims history or that of any other person or property likely to be involved in the policy or claim. We can supply on request, further details of the agencies and databases we access or contribute to and how this information may be used.
We and other organisations may also search these agencies and databases to:
- help make decisions about the provision and administration of insurance, credit and related services for you and members of your household or persons insured under your policy;
- prevent fraud and to manage your accounts or insurance policies;
- under the conditions of your policy you must tell us about any insurance related incidents (such as fire, water damage, theft or an accident) whether or not they give rise to a claim. When you tell us about an incident we may pass information relating to it to the fraud prevention agencies and databases.
You can ask for more information about this. If you require such information, please contact Thomas Smith Insurance Agency Limited.
Information collected from your use of our Websites or Apps.
Information we collect through Cookies and similar technologies
We collect information through “Cookies” and other similar technologies (e.g. pixel tags or links), to remember you when you visit the Websites and Apps and so we can improve your online experience to suit your needs. These help us understand how you and others use our Websites and Apps, view our products and respond to our advertising, so we can tailor direct marketing and enhance our overall product and service offering. This also saves you from re-inputting information when you return to the Websites or Apps.
When you receive direct marketing from us via email, we may use technology e.g. pixel tags or links to determine your use of and interest in our direct marketing.
When you visit one of our websites or Apps, we may record your device information including hardware and software used, general location, when and how you interact with our websites and Apps. This information is retained and used to note your interest in our Websites and Apps, improve customer use experience, determine pricing and/or offer you available discounts. Sometimes you may be able to sign-in to a TSIA app or service via a third-party service, such as Facebook. Where we use or share information from or with these sources, we will respect any permissions you have set about how you would like your information to be used.
We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within quikprotect.
Use and Sharing of information
In assessing your application or at renewal or when issuing an endorsement, the insurer or its intermediaries may undertake checks against publicly available information (such as electoral register, court judgements, or court orders). Similar checks may be made in assessing any claims made.
Information may also be shared with other insurers either directly or via those acting for the insurer (such as loss adjusters, surveyors or investigators) for claims handling purposes.
We may also use your information for research or statistical purposes, including to analyse how people use our Websites, view our products, respond to our advertising and to improve our understanding of what customers need.
We may use your information for training purposes, to improve our services and their delivery, for example by recording telephone calls.
If you request a quote, or purchase a product or service from us, your personal information may be used to communicate with you about your quote, product or service, including improvements we make to the ways you can access your information.
We may disclose your information to third party suppliers or service providers to conduct our business, for example, to help administer your policy, to help us manage and store data, provide data analytics, conduct market research and to communicate with you effectively. This may include online or digital partners we work with, so we, or our online or digital partners on our behalf, can communicate with you through their platforms.
Compliance with laws and regulatory obligations
We may, as a matter of law, and without requiring notice or consent, use your information as:
- permitted and required by law
- required to comply with a judicial proceeding, court order or legal process;
- for compliance or regulatory purposes
Data transfer and consent
Your information may be transferred to insurance principals in Malta and to reinsurers or reinsurance brokers outside Malta, including countries outside of the European Economic Area (EEA), for processing, storage, administration or any other use stated in this notice. The purposes and processing associated with any such transfer will comply with all applicable data protection regulations, including the GDPR, and with our obligation to adequately protect and secure your personal information. Where required under applicable laws we will take measures to ensure that personal information handled in other countries will receive at least the same level of protection as it is given in the EEA.
By providing your personal information to TSIA you consent to the transfer of your information as described above.
We are committed to protecting the confidentiality and security of the information that you provide to us and we put in place appropriate technical, physical and organisational security measures to protect against any unauthorised access or damage to, or disclosure or loss of, your information.
Managing your marketing preferences
We may use your information to:
- provide you with updates and offers for TSIA’s products and services via marketing tailored to you, whether through online digital services (e.g. online advertising, social media communications), or by direct marketing (e.g. phone, e-mail, text, post); and
- identify, tailor and package our products and services, determine pricing and offer discounts that may be of interest to you.
We will always give you the opportunity to ‘opt out’ of direct marketing when you complete a registration with us, request an online quote, purchase a product or service online or receive any email, text or other direct marketing communication.
You can change your marketing preferences at any other time by contacting us on the details given below. If you opt-out of receiving marketing information we may still use your contact details to convey important information regarding an existing policy or claim or for us to comply with our regulatory obligations.
Update your information or change your marketing preferences
Please let us know if your information changes as it is important that the information we hold about you is accurate and up to date.
You can ask us to update or correct your personal information or opt out of TSIA’s use of your information for direct marketing purposes by contacting us using any of the following methods:
to update or correct your personal information – [email protected]
to opt out – firstname.lastname@example.org
Data Protection Officer
Thomas Smith Insurance Agency Limited
1, War Victims Square
Your rights as a data subject
You have the right to request access to the personal information we hold about you. To do this, simply write to us at the address above. We will take all reasonable steps to confirm your identity before providing you with details of any personal information we may hold about you.
In certain instances, you may withdraw your consent to our processing of your personal information or request that we restrict the processing of your information or erase your information. However, we may continue to process your personal information if we have a legitimate interest or a legal obligation to do so.
Your personal information will be kept for no longer than the following retention periods:
- Personal Data in relation to quotations not taken up by data subjects
As a measure to combat insurance fraud.
- Personal Data in relation to expired or lapsed insurance contracts
10 years from the closure of all outstanding policy claims or policy expiry whichever comes last. This period will however be of 30 years in regards to liability insurance due to the long-tail nature of such business as experienced by case history.
Due to legal compliance obligations and a legitimate interest of the controller which will be stated by insurer.
As a necessity for the performance of a contract with the data subject.
As a measure to combat insurance fraud.
- Personal Data in relation to insurance claims including 3rd party claims data
10 years from the closure of all outstanding policy claims
As a measure to combat insurance fraud.
Due to legal compliance obligations of the controller.
Audit and Tax purposes.
The retention periods indicated above do not relate to personal data which has been anonymised. Such anonymised data may be retained indefinitely.