5 Who we are sharing your data with
We may share your personal data with:
- your members’ agent, managing agent, accountant and/or investment manager
- Broadridge Financial Solutions as the supplier of the TAROT membership system
- Citibank NA as sub-custodian for non-UK FAL assets
- Sutherland Asbill & Brennan LLP for US central tax filings and FATCA reporting requirements
- companies providing services for money laundering and terrorist financing checks and other fraud and crime prevention purposes, including financial institutions and regulatory bodies with whom such personal data is shared
- tax authorities in order to complete central tax filings, comply with local tax reporting requirements and ensure appropriate withholding taxes are being applied to business written by the members
- regulators and government officials where reasonably necessary in respect of compliance with Lloyd’s regulatory obligations and overseas licence arrangements
- courts, law enforcement authorities or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process
6 How long we keep your data
We will retain your personal information for as long as is reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice. The retention period will primarily be determined by relevant legal and regulatory obligation and/or duration of our business relationship with you, your employer or another associated party. We maintain and update regularly our data retention policy with a detailed retention schedule. We will securely delete or erase your personal information if there is no valid business reason for retaining your data. In exceptional circumstances, we may retain your personal information for longer periods of time if we reasonably believe there is a prospect of litigation, in the event of any complaints or there is another valid business reason the data will be needed in the future.
7 International transfers
From time to time we may need to share your personal information with members of the Lloyd’s subsidiaries who may be based outside of the European Union. We may also allow our service providers, who may be located outside the EU, access to your personal information. We may also make other disclosures of your personal information overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body.
We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:
- We will only transfer your personal information to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. In the absence of those options and where necessary, we may transfer your personal data by relying on one of the derogations under the GDPR.
- Transfers within the Lloyd’s overseas offices will be covered by standard contractual clauses, adopted by the European Commission which gives specific contractual protections designedPrivacy Notice: Market Services Page 4 of 5 to ensure that your personal information receives an adequate and consistent level of protection.
- Transfers to service providers and other third parties will always be protected by contractual commitments and where appropriate further assurances.
- Any requests for information we receive from law enforcement or regulators will be carefully checked before personal information is disclosed.
Information relating to the safeguards in place for all international transfers can be obtained by writing to the DPO, whose details can be found in section 9.
8 Your rights
You have certain rights as an individual which you can exercise in relation to the information we hold about you. If you make a request to exercise any of your rights we reserve the right to ask you for a proof of your identity. We aim to acknowledge your request as soon as possible and will address your query within one month from your request.
You have the following rights:
The right to access
You are entitled to a confirmation whether we are processing your data, a copy of your data, and information about purposes of processing, who do we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where we got your data from and how you can make a complaint.
The right to rectification
If you believe the personal information we hold about you is inaccurate or incomplete you can request for it to be rectified.
The right to erasure
If you withdraw your consent, terminate a contract with us or you believe the personal information is no longer necessary for the purposes for which it was collected, you may request your data to be deleted. However, this will need to be balanced against other factors, for example there may be certain regulatory obligations which mean we cannot comply with your request.
The right to restriction of processing
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
- Its accuracy is contested, to allow us to verify its accuracy; or
- The processing is unlawful, but you do not want it erased; or
- It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- You have exercised the right to object, and verification of overriding grounds is pending.Privacy Notice: Market Services Page 5 of 5
We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
The right to data portability
If we collected your information under a contract or your consent, you can request from us to transfer your personal information to provide it to another third party of your choice.
The right to object
You have the right to object at any time to processing of your personal data where processing is necessary for the performance of a task carried out in the public interest, or in the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms, in particular where you are a child.
9 Contact details of the Data Protection Officer
If you have any questions relating to data protection that you believe we will be able to answer, please contact our Data Protection Officer:
Data Protection Officer
Lloyd’s
1 Lime Street
EC3M 7HA, London
Email: data.protection@lloyds.com
10 Complaints
If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements you can make a complaint to relevant Data Protection Authority. Our Lead Authority within the European Union is the UK the Information Commissioner’s Office (https://ico.org.uk/concerns/).