This Privacy Policy describes how Hamilton Insurance Group, Ltd., and its affiliates and subsidiaries (collectively, “Hamilton,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information. This Privacy Policy also tells you about your rights and choices with respect to your personal information, and how you can reach us to get answers to your questions.
You can jump to particular topics by clicking the links below:
How We Protect and Retain Information
Transmission Of Information To Other Countries
Third-Party Applications/Websites
Changes To This Privacy Policy
Additional Information for UK Residents
Additional Information For California Residents
Information We Collect
We collect information about you in a variety of ways depending on how you interact with us and our websites, products and services, including:
- Directly from you when you provide it to us, such as when you sign up to receive communications from us, purchase or inquire about our insurance products, apply for a job, or contact us by phone, email, or otherwise.
- Automatically through the use of server logs, pixels, and other similar technologies when you interact with our websites and emails.
- From other sources, including, for example, our affiliates, business partners, service providers and other third parties, or from publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.
The following provides examples of the type of information that we collect in a variety of contexts and how we use that information.
| Context | Types of Data | Primary Purpose for Collection and Use of Data |
| Business Partners | We collect the name, and contact information, of our business partners and their employees with whom we may interact. | We have a legitimate interest in data required to facilitate the business arrangement between us and for normal exchanges in the course of business. We may also process your information to perform the contract agreed between us. |
| Policyholders, Insureds and Claimants | The types of personal data that we collect may include individual details, identification details, financial information, risk details, policy information, credit and anti-fraud data, previous and current claims as well as certain other special categories of personal data which may include health, criminal convictions, racial or ethnic origin, religious or philosophical beliefs, health data and data about your sex life or sexual orientation. | We have a legitimate interest in fulfilling our contract(s) with you.
Where required by law, we process your sensitive personal data based upon your consent. |
| Third-Party Tracking | We may place tracking technology on our website that collects analytics or records how you interact with our website. This means that a third party uses technology to collect information about your use of our website so that they can report analytics to us. | We have a legitimate interest in understanding how users interact with our website. |
| Demographic Information | We collect personal information, such as your location. | We have a legitimate interest in understanding our employees and users and providing tailored services. |
| Email Interconnectivity | If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases. | We have a legitimate interest in understanding how you interact with our communications to you. |
| Employment | If you apply for a job posting, we collect information necessary to process your application or to retain you as an employee. This may include, among other things, your Social Security Number. Providing this information is required for employment. Nothing in this policy is an offer of employment and should not be construed as such. | In some contexts, we are also required by law to collect information about applicants. We also have a legitimate interest in using your information to have efficient staffing and work force operations. |
| Feedback/Support | If you provide feedback or contact us for support, we will collect your name and email address, as well as any other content that you send to us, in order to reply. | We have a legitimate interest in receiving, and acting upon, your feedback or issues. |
| Mailing List | When you sign up for one of our mailing lists we collect your email address or postal address. | We have a legitimate interest in sharing information about our products or services. |
| Public Health and Safety | In certain situations where a serious public health threat has been identified, we may collect information from job applicants, guests, and other individuals accessing our facilities. This may include medical and health information, such as body temperature, symptoms, and underlying health conditions. | We have a legitimate interest in protecting the health and safety of our employees and guests. In some jurisdictions we may be required by law, regulation, or governmental order to collect and retain information related to issues of public health and safety. We have a legitimate interest in complying with the laws in the jurisdictions in which we operate. |
| Surveys | When you participate in a survey, we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information. | We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization. |
| Website interactions | We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser. | We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud. |
| Web logs | When you visit our website, we collect information such as, but not limited to, your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors. | We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular. |
How We Use Information.
In addition to the purposes and uses described above, we use information in the following ways:
- To provide our products and services.
- To improve our services and product offerings.
- To conduct analytics.
- To communicate with you, such as to respond to and/or follow-up on your requests, inquiries, issues, or feedback.
- To send marketing and promotional materials including information relating to our products, services, sales, or promotions, or those of our business partners.
- To detect and protect against malicious, deceptive, fraudulent, or illegal activity, including violation of our policies and terms and conditions, security incidents, and harm to the rights, property, or safety of our company and our users, employees, or others.
- To debug, identify and repair errors that impair existing intended functionality of our website.
- To comply with our legal or regulatory obligations, to establish or exercise our rights, and to defend against a legal claim.
- To perform any contract we have entered into with you.
- For internal administrative purposes, as well as to manage our relationships.
- For such other purposes as you may consent (from time to time).
Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if we collect your work contact information, this could be collected in order to fulfill our insurance contract with your company, but we may also have a legitimate interest in maintaining your information after your policy is complete in order to meet our legal and regulatory requirements. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.
Please note that insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, insurers and reinsurers.
To the extent we maintain and use personal information in a deidentified form, we will not attempt to reidentify the information, except for the purpose of determining whether our deidentification processes satisfy our legal obligations.
How We Share Information.
In addition to the specific situations discussed elsewhere in this Privacy Notice, we may disclose personal information in the following situations:
- Affiliates and Acquisitions. We may share information with our corporate affiliates (g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
- Other Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy.
- Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.
- Service Providers. We may share your information with service providers. Among other things service providers may help us to administer our website, conduct surveys, provide technical support, process payments, and assist in the fulfillment of orders.
Your Choices
Some jurisdictions give you a right to make the following choices regarding your personal information:
- Access To Your Personal Information. You may request access to your personal information or confirmation that we have information about you. In certain limited circumstances, you may also request to receive access to your data in a portable, machine-readable format.
- Changes To Your Personal Information. We rely on you to update and correct your personal information. You may ask us to correct information that is inaccurate or incomplete. Note that we may keep historical information in our backup files as permitted by law.
- Deletion Of Your Personal Information. You may request that we delete your personal information. If required by law, we will grant a request to delete information, but you should note that in many situations we must keep your personal information to comply with our legal obligations, resolve disputes, enforce our agreements, or for another business purposes.
- Objection to Certain Processing. You may object to our processing of your personal information by contacting us at the address described below.
- Online Tracking. We do not currently recognize the “Do Not Track” signal.
- Promotional Emails. You may choose to provide us with your email address for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can stop receiving promotional emails by following the unsubscribe instructions in emails that you receive or by contacting us through the information below. If you decide not to receive promotional emails, we may still send you service-related communications.
- Revocation Of Consent. Where we process your personal information based upon consent, you may revoke consent. Please note, if you revoke your consent for the processing of personal information then we may no longer be able to provide you services.
Please note, not all of the rights described above are absolute, and they do not apply in all circumstances. In some cases, we may limit or deny your request because the law permits or requires us to do so, or if we are unable to adequately verify your identity. We will not discriminate against individuals who exercise their privacy rights under applicable law.
Submitting Requests
You may exercise the rights described above by contacting us as indicated in the Contact Information section below. If you disagree with how we handled a request, you may appeal our decision by contacting us with the subject line “Appeal.”
Note that, as required by law, we will require you to prove your identity. We may verify your identity by phone call or email. Depending on your request, we will ask for information such as your name, your address, or other information we may have about you in our systems. We may also ask you to provide a signed declaration confirming your identity. Following a request, we will use reasonable efforts to supply, correct or delete personal information about you in our files or otherwise meet our legal obligations related to your request.
In some circumstances, you may designate an authorized agent to submit requests to exercise certain privacy rights on your behalf. You must provide us with a copy of the signed permission you have given to the authorized agent to submit the request on your behalf and verify your own identity directly with us. If you are an authorized agent submitting a request on behalf of an individual, you must attach a copy of the following information to the request:
- A letter or form signed by the individual indicating that you have authorization to act on the individual’s behalf.
- If you are submitting the request on behalf of an individual located in California and are a business, proof that you are registered with the Secretary of State to conduct business in California.
If we do not receive both pieces of information, the request will be denied.
How We Protect and Retain Information
No method of transmission over the internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
We retain your personal information for only as long as necessary to fulfil the purposes outlined in this Privacy Policy, including for the purposes of satisfying any legal, accounting, or reporting requirements, unless a longer retention period is required or permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we obtained the information and whether we can achieve those purposes through other means, as well as applicable legal requirements. If you would like further information regarding the periods for which your personal information will be stored, please contact us using the details contained within the Contact Information section below.
Transmission Of Information To Other Countries
As a multi-national company, we transmit information between and among our affiliates. As a result, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible we take steps to treat personal information using the same privacy principles that apply pursuant to the law of the country in which we first received your information. By submitting your personal information to us you agree to the transfer, storage, and processing of your information in a country other than your country of residence. If you would like more information concerning our attempts to apply the privacy principles applicable in one jurisdiction to data when it goes to another jurisdiction you can contact us using the contact information below. You may also request a copy of any Standard Contractual Clauses we use for the transfer of your data outside of the EEA/UK, which includes the categories of information transferred by contacting us using the contact information below.
Third-Party Applications/Websites
For your convenience, we may provide links to websites and other third-party content or services that we do not own or operate. The websites and third-party content to which we link may have separate privacy notices or policies. Please note, we have no control over the privacy practices websites, or services that we do not own. We encourage you to review the privacy policies of any third-party website or application for details about such third party’s privacy practices.
Changes To This Privacy Policy
We may change our privacy policy and practices over time. To the extent that our policy changes in a material way, the policy that was in place at the time that you submitted personal information to us will generally govern that information unless we receive your consent to the new privacy policy. Our privacy policy includes an “effective” and “last updated” date. The effective date refers to the date that the current version took effect. The last updated date refers to the date that the current version was last substantively modified.
Children
Our websites and online services are not intended for children under the age of 13 and we do not knowingly collect personal information from children under age 16, without parental consent.
Contact Information
If you have any questions, comments, or complaints concerning our privacy practices, or if you need to access this Privacy Policy in an alternative format due to having a disability, please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.
Mail: Wellesley House North, 90 Pitts Bay Road, Hamilton HM 08, Bermuda
Tel: +1 441-405-5200
Email: [email protected]
Additional Information for UK Residents
Policyholders, insureds and claimants insurance involves the use and disclosure of your personal data by various insurance market participants such as intermediaries, insurers and reinsurers. The London Insurance Market Core Uses Information Notice (see londonmarketgroup.Co.Uk/gdpr) sets out those core necessary personal data uses and disclosures. Our core uses and disclosures are consistent with the London Market Core Uses Information Notice. We recommend you review this notice.
Additional Information For California Residents
California law requires us to disclose the following additional information related to our privacy practices. If you are a California resident, the following privacy disclosures apply to you in addition to the rest of the Privacy Policy.
- California Shine the Light. If you would like more information concerning the categories of personal information (if any) we share with third parties or affiliates for those parties to use for direct marketing, please submit a written request to us using the information in the Contact Information section above.
- Notice of Collection. The table below describes the categories of personal information we collect and disclose for a business purpose, “sell” and/or “share”. Please note, in addition to the recipients identified below, we may disclose any of the categories of personal information we collect with government entities, as may be needed to comply with law or prevent illegal activity. We do not “sell” or “share” (as those terms are defined by California law) your personal information. For details regarding how we use personal information, please see the Information We Collect section of the Privacy Policy. For information regarding how long we retain personal information, please refer to the How We Protect and Retain Information section of the Privacy Policy.
| Category of Personal Information | Category of Recipients |
| Disclosures for a Business Purpose | |
| Identifiers – this may include real name, alias, postal address, unique personal identifier, online identifier, email address, account name, or other similar identifiers. |
|
| Government Issued Identification – this may include social security number, driver’s license number, or state issued identification number, passport number. |
|
| Financial Information – this may include bank account number, credit card number, debit card number, and other financial information. |
|
| Health Related Information – this may include medical information, mental or physical condition or treatment, or health insurance information. |
|
| Characteristics of protected classifications – this may include age, sex, race, ethnicity, physical, or mental handicap, etc. |
|
| Commercial information – this may include information about products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
|
| Internet or other electronic network activity information – this may include browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement. |
|
| Audio, electronic, visual, thermal, olfactory, or similar information |
|
| Professional or employment-related information |
|
| Non-public education information (as defined in the Family Educational Rights and Privacy Act) |
|
| Inferences drawn from any of the information listed above |
|
| Additional categories of personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) – this may include signature, physical characteristics, or description, , insurance policy number. |
|
- California Sensitive Information Disclosure. We may collect the following categories of sensitive personal information (as defined under California law): Social security number, driver’s license, state identification card, or passport number, financial information, racial or ethnic origin, religious, or philosophical beliefs, health data and data about your sex life or sexual orientation. This information is primarily collected by us in the job-applicant context in order to fulfill our employment-related needs, provide potential benefits and accommodations should you become employed, comply with laws and to manage our services, but it may be utilized to process transactions, comply with laws, manage our business, or provide you with services in other contexts. Note that we do not use such information for any purposes that are not identified within the California Privacy Rights Act Section 1798.121. We do not “sell” or “share” sensitive personal information for purposes of cross-context behavioral advertising.