Privacy Notice: Market Services

Effective Date: 11 May 2018

Member Services

1 Introduction

This notice describes how Lloyd’s, as a data controller, collects, uses, shares and retains the personal information you provide and informs you about your choices regarding use, access and correction of your personal information. Lloyd’s is committed to ensuring that any personal data it receives is protected and handled in accordance with applicable data protection laws.

For the purposes of this Privacy Notice, references to “we”, “us” or “our” shall refer to Lloyd’s.

2 Who we are

The Society of Lloyd’s (Lloyd’s) is incorporated by Lloyd’s Acts 1871 to 1982 whose principal place of business is at One Lime Street, EC3M 7HA.

3 What personal information we process about you.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data includes title, first name, maiden name, last name, marital status, gender, date of birth, membership number, username or similar identifier

Contact Data includes correspondence address, residential address, email address and telephone numbers

Financial Data includes bank account details, syndicate participation, Funds at Lloyd’s, source of wealth, source of funds, stock and cash balances Transaction Data includes details about payments to and from you and other details of Funds at Lloyd’s and distribution transactions

Tax Data includes US TIN, Tax IDs, tax residency, taxable profits and losses

Sensitive Personal Data in the course of performing our regulatory and oversight obligations, we may be required to collect and use sensitive personal information relating to you. For example, as part of the application to become a member of Lloyd’s we may ask you or your organisation for details of any criminal convictions or county court judgments over the last 10 years.

4 Why we collect your personal information and the lawful basis for processing.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we use your information. Please contact us if you need details about the Privacy Notice: Market Services Page 2 of 5 specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/activity	Type of data	Lawful basis
To process your application to become a member of Lloyd's	(i) Identity (ii) Contact (iii) Financial (iv) Sensitive Personal	Compliance with legal obligations Legitimate interests of Lloyd's Consent (Sensitive Personal)
To perform all activities and services to members of Lloyd’s as part of the membership lifecycle, including maintenance of funds to support underwriting commitments, managing Coming into Line in accordance with Lloyd’s Business Timetable and the distribution of profits and losses	(i) Identity (ii) Contact (iii) Financial (iv) Transaction	Compliance with legal obligations Legitimate interests of Lloyd's and members
Compliance with our legal obligations, including maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws)	(i) Identity (ii) Contact (iii) Financial (iv) Transaction	Compliance with legal obligations Legitimate interests of Lloyd's
To provide centralised tax filings and other tax related reporting and services to Members in respect of their underwriting at Lloyd’s	(i) Identity (ii) Contact (iii) Financial (iv) Transaction (v) Tax	Compliance with legal obligations Legitimate interests of Lloyd's and members
To communicate with you and keep you up-to-date with information relating to your membership at Lloyd’s and about the activities, services and service levels provided by Market Services	(i) Identity (ii) Contact	Legitimate interests of Lloyd's

5 Who we are sharing your data with

We may share your personal data with:

your members’ agent, managing agent, accountant and/or investment manager
Broadridge Financial Solutions as the supplier of the TAROT membership system
Citibank NA as sub-custodian for non-UK FAL assets
Sutherland Asbill & Brennan LLP for US central tax filings and FATCA reporting requirements
companies providing services for money laundering and terrorist financing checks and other fraud and crime prevention purposes, including financial institutions and regulatory bodies with whom such personal data is shared
tax authorities in order to complete central tax filings, comply with local tax reporting requirements and ensure appropriate withholding taxes are being applied to business written by the members
regulators and government officials where reasonably necessary in respect of compliance with Lloyd’s regulatory obligations and overseas licence arrangements
courts, law enforcement authorities or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process

6 How long we keep your data

We will retain your personal information for as long as is reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice. The retention period will primarily be determined by relevant legal and regulatory obligation and/or duration of our business relationship with you, your employer or another associated party. We maintain and update regularly our data retention policy with a detailed retention schedule. We will securely delete or erase your personal information if there is no valid business reason for retaining your data. In exceptional circumstances, we may retain your personal information for longer periods of time if we reasonably believe there is a prospect of litigation, in the event of any complaints or there is another valid business reason the data will be needed in the future.

7 International transfers

From time to time we may need to share your personal information with members of the Lloyd’s subsidiaries who may be based outside of the European Union. We may also allow our service providers, who may be located outside the EU, access to your personal information. We may also make other disclosures of your personal information overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body.

We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:

We will only transfer your personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. In the absence of those options and where necessary, we may transfer your personal data by relying on one of the derogations under the GDPR.
Transfers within the Lloyd’s overseas offices will be covered by standard contractual clauses, adopted by the European Commission which gives specific contractual protections designedPrivacy Notice: Market Services Page 4 of 5 to ensure that your personal information receives an adequate and consistent level of protection.
Transfers to service providers and other third parties will always be protected by contractual commitments and where appropriate further assurances.
Any requests for information we receive from law enforcement or regulators will be carefully checked before personal information is disclosed.

Information relating to the safeguards in place for all international transfers can be obtained by writing to the DPO, whose details can be found in section 9.

8 Your rights

You have certain rights as an individual which you can exercise in relation to the information we hold about you. If you make a request to exercise any of your rights we reserve the right to ask you for a proof of your identity. We aim to acknowledge your request as soon as possible and will address your query within one month from your request.

You have the following rights:

The right to access

You are entitled to a confirmation whether we are processing your data, a copy of your data, and information about purposes of processing, who do we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where we got your data from and how you can make a complaint.

The right to rectification

If you believe the personal information we hold about you is inaccurate or incomplete you can request for it to be rectified.

The right to erasure

If you withdraw your consent, terminate a contract with us or you believe the personal information is no longer necessary for the purposes for which it was collected, you may request your data to be deleted. However, this will need to be balanced against other factors, for example there may be certain regulatory obligations which mean we cannot comply with your request.

The right to restriction of processing

You can ask us to restrict (i.e. keep but not use) your personal data, but only where:

Its accuracy is contested, to allow us to verify its accuracy; or
The processing is unlawful, but you do not want it erased; or
It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
You have exercised the right to object, and verification of overriding grounds is pending.Privacy Notice: Market Services Page 5 of 5

We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.

The right to data portability

If we collected your information under a contract or your consent, you can request from us to transfer your personal information to provide it to another third party of your choice.

The right to object

You have the right to object at any time to processing of your personal data where processing is necessary for the performance of a task carried out in the public interest, or in the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms, in particular where you are a child.

9 Contact details of the Data Protection Officer

If you have any questions relating to data protection that you believe we will be able to answer, please contact our Data Protection Officer:

Data Protection Officer
Lloyd’s
1 Lime Street
EC3M 7HA, London
Email: data.protection@lloyds.com

10 Complaints

If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements you can make a complaint to relevant Data Protection Authority. Our Lead Authority within the European Union is the UK the Information Commissioner’s Office (https://ico.org.uk/concerns/).