ONLINE PLATFORM PRIVACY POLICY
1 INTRODUCTION
1.1 Lombard Insurance Company Limited (Lombard) is dedicated to protecting the privacy, security and online safety of personal information entrusted to it by individuals and/or juristic persons (which shall include the duly appointed representative/s of such juristic person) (Users). As part of this obligation, Lombard is committed to the appropriate protection and use of personal information collected by it through online platforms which Lombard directly or indirectly owns, operates and/or otherwise subscribes to.
1.2 This document sets out the policies, processes and practices implemented by Lombard in dealing with the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking, degradation, erasure or destruction (collectively Handling or Handle, as the context may require) of certain information collected on various online platforms operated or otherwise utilised by Lombard or any of its partners or affiliates (the Privacy Policy) as required by the Protection of Personal Information Act (POPIA).
1.3 As a general principle, Lombard Handles only the personal information that is provided to it voluntarily by Users of Lombard Connect (the Platform) so that Lombard can meet its legal and regulatory obligations and support its ability to fulfil the terms of the agreement between Lombard and the User. Please review this Privacy Policy to learn more about how Lombard Handles all personal information collected by it through the Platform.
2 INFORMATION COLLECTION
2.1 Lombard Handles information voluntarily provided to it by Users of the Platform upon registration/subscription to the Platform by a User, and continuously upon a User signing-in to the Platform and providing personal information as may be requested by Lombard or volunteered to Lombard by the User from time-to-time.
2.2 Such information may include, but is not limited to the:
2.2.1 User’s identity number;
2.2.2 User’s telephone number;
2.2.3 User’s email address;
2.2.4 Identity numbers of the directors of the User;
2.2.5 User’s tax number;
2.2.6 User’s banking details;
2.2.7 criminal history of any of the directors, key individuals or representatives of the User; and
2.2.8 information pertaining to any issues relating to the past, current or anticipated liquidation, receivership or judicial management of any of the directors, key individuals or representatives of the User.
2.3 The User’s information may also be collected through the User’s usage of the website as well as from third-party data providers.
2.4 By utilising the Platform, the User acknowledges that the Platform provider, Lombard or any of the latter’s affiliates, partners or service providers (together the Responsible Parties and individually the Responsible Party, as the context may require) may Handle
(i) information explicitly and specifically requested from the User;
(ii) information that is generated by the User’s activities (usage data gathered by cookies); and
(iii) any other information that is automatically collected from the User’s browser or mobile device. Although some of the aforementioned data is generally not personally identifiable, some of it, either alone or when linked with other information, may allow a User’s identity to be discovered. Lombard treats this combined data as personal information as defined in POPIA, and ensures that the relevant Responsible Party protects such data accordingly.
3 USAGE AND SHARING OF INFORMATION COLLECTED
3.1 In order to effectively provide the products and services on this Platform to the User, Lombard needs to Handle certain personal information provided by the User. Consequently, a User’s personal information may be used for:
3.1.1 identifying the User;
3.1.2 processing a User’s requests or instructions; and
3.1.3 managing the User’s contractual relationship with the Responsible Parties.
3.2 Due to the nature of Lombard’s business, and the manner in which its business operations are arranged, Responsible Parties may be utilised from time-to-time to Handle the User’s personal information.
3.3 In addition, certain instances may require Lombard to comply with certain applicable laws. In such instances, Lombard may need to share your information with certain third parties, industry bodies and credit agencies. Subject to any applicable laws providing otherwise, Lombard shall, in all circumstances where it is required to share a User’s personal information, notify the User of any request by the relevant third parties, industry bodies and credit agencies. Below is a non-exhaustive list of instances in which Lombard may share your personal information as provided for in this clause 3.3:
3.3.1 when required by any regulatory authority, such as the Financial Sector Conduct Authority (FSCA);
3.3.2 when required by legislation or any legal process;
3.3.3 to protect and defend Lombard’s rights and property, including our intellectual property; and/or
3.3.4 when the User have given us direct permission to do so.
3.4 Notwithstanding the aforementioned, Lombard will not sell a User’s personal information or share it with other parties for their own marketing use, unless an individual has provided their explicit permission to do so.
4 HOW WE STORE THE INFORMATION COLLECTED
4.1 Data is stored in such a way as to ensure that the data is secure, and that access is limited to authorised users. Secure storage of Lombard’s data assets is a joint responsibility of system and network administrators, database designers, application designers, and the data user who must ensure that passwords and other security mechanisms are used. Part of this responsibility is delegated to various Responsible Parties.
4.2 All external vendors requiring access to Lombard data must sign a Non-Disclosure Agreement (NDA) before access to any data is granted. In conjunction with the NDA, for purposes of external processing of data, the parties would need to enter into a formal Service Level Agreement (SLA) or outsourcing arrangement.
4.3 The purpose of the Platform is to facilitate the entering into of an intermediary agreement between the User and Lombard and its various underwriting agencies and/or management of any necessary compliance with all applicable laws.
4.4 Lombard shall dispose of the User’s personal information in the event that:
(i) there is no agreement entered into between the User and Lombard;
(ii) the agreement entered into between the User and Lombard is terminated in accordance with its terms;
(iii) certain regulatory retention requirements have been reached; and/or
(iv) the User has requested that their personal information be permanently erased.
5 HOW WE PROTECT THE INFORMATION COLLECTED
5.1 Lombard takes every reasonable precaution to protect the User’s personal information from theft, unauthorised access and disruption of services. Lombard’s security controls are designed to maintain an appropriate level of data confidentiality, integrity, and availability. Lombard, in conjunction with the other Responsible Parties, regularly tests the Platform, data centres, systems, and other assets for security vulnerabilities. This notwithstanding, Lombard cannot guarantee the security of any personal information that the User willingly discloses online.
6 USER’S RIGHTS
6.1 Should Lombard need to process a User’s personal information for any reason, the User shall have the right to:
6.1.1 request and access such personal information without incurring any cost. Prior to providing the User with their personal information, Lombard may request that the User provide proof of their identity and sufficient information about the User’s usage of the Platform in order for Lombard to locate the User’s personal information. In the event that the User’s personal information held by Lombard is incorrect, the User shall be entitled to request that any such inaccuracies in their personal information be corrected; and
6.1.2 object to Lombard processing its personal information.
6.2 The User may exercise the rights set out in this clause 6 by contacting Lombard at [email protected], whereupon Lombard shall make all reasonable and practical efforts to comply with the User’s request, provided that such request is consistent with any applicable laws and relevant professional standards.
7 LINKS TO OTHER SITES
7.1 Please be aware that the Platform may contain links to other sites which may not be governed by this Privacy Policy but by other privacy statements that may differ from Lombard’s Privacy Policy. We encourage Users to review the privacy statements of each web site visited before disclosing any personal information.
8 CHANGES TO THIS PRIVACY POLICY
8.1 Lombard reserves the right to update or modify this Privacy Policy at any time to reflect our current privacy practices, without prior notice to the User. When Lombard makes changes to this policy, we will revise the date of this document. Please review this Privacy Policy periodically, and especially before you provide any personal information to Lombard. Your continued use of the Platform after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Policy.
