Home page

Privacy policy

Effective date: July 21, 2023

OUR COMPANY 

Victor is made up of different legal entities, namely Victor Insurance Managers LLC, a managing general underwriter with offices based in seven countries. This Privacy Notice is issued on behalf of the Victor Group so when we mention “Victor”, "we", "us" or "our" in this Privacy Notice, we are referring to the relevant company in the Victor Group responsible for processing the information. 

OUR BELIEFS REGARDING THE PRIVACY OF YOUR INFORMATION

We believe strongly in protecting the privacy and the confidentiality of the personally identifiable information (“Personal Information” or “Personal Data”) that we collect, use, disclose, store, and transmit (process) in the course of providing our underwriting, technology, distribution, capital and other insurance services (the “Services”).  This Privacy Notice is intended to inform you of the ways in which we process personal information, and sets forth your rights. 

This Privacy Notice is subject to change at any time. If we make changes to this Privacy Notice, we will update the “Effective Date” at the top of this page and post it on our websites or applications (“Sites.”) Where required by local law, we will also notify you of any changes we make to this Privacy Notice in accordance with law and the notice provisions in the terms of our engagement.  To the extent permitted by law, any changes we make to this Privacy Notice become effective immediately. 

Our contractual commitments to clients will supersede any terms in this Privacy Notice. 

OUR ROLE

We generally collect personal information in the course of providing our Services pursuant to a contract we have with a commercial client (our “Client”).  In such circumstances, we act as a “service provider” or “processor” and are thus obligated to process personal information in accordance with instructions from our Client, the business ultimately responsible for determining how your personal information will be handled.  Accordingly, if you disclose personal information to us in connection with your role as an employee of our Client, or by virtue of some other relationship you have with our Client, we encourage you to review that Client’s privacy notice to understand the full scope of how your personal information will be handled. 

PERSONAL INFORMATION WE COLLECT

The types of personal information we collect will vary depending on the nature of our relationship with our clients, such as the type of product or service we provide or the type of Site being accessed.  In either case, we limit the personal information that we collect to that which will allow us to fulfill our intended business purposes.  In many cases, the personal information we collect is required for us to provide our clients with our services or meet legal requirements, and failure to provide us with the information may prohibit us from delivering requested services. 

Generally, we may collect and process the following types of personal information about individuals and, if required for the services provided, their dependents or beneficiaries under an employer, association, group or benefit program sponsor:    

  • Individual Contact and Demographic Information (which may include Family Members) 
    Name, address and/or proof of address, email address, telephone number, gender, marital status, family details, date and place of birth, employment information – employer, job title, employee ID, and employment history, and/or the individual’s relationship to the policyholder, insured, beneficiary or claimant, images.

  • Business Contact Information
    Employer, job title, business address, email and phone numbers.

  • Identification Details
    Identification numbers issued by government bodies or agencies (e.g., social security or national insurance number, passport number, tax identification number, ID number, or driver’s license number), and/or insurance provider (e.g., policy number or claim number).

  • Benefits Information
    Benefit elections, pension entitlement information, date of retirement and any relevant matters impacting your benefits such as voluntary contributions, pension sharing orders, tax protections or other adjustments.

  • Financial Information
    Payment card number and related data, bank account number and account details, income and other financial information.

  • Insurable Risk Information
    The information necessary for us to secure insurance products/quotes, provide risk consulting services, and/or offer guidance on other financial products and services.  This information may include to the extent relevant to the risk being insured:
    • Criminal records data – criminal convictions, including driving offenses;
    • Vehicle information - vehicle identification number and other vehicle details;
    • Health data - current or former physical or mental medical conditions, health status, injury or disability information, medical procedures performed, relevant personal habits (e.g., smoking), medical history, previous health insurance information;
    • Policy information - historical information about the insurance quotes individuals receive and the policies they obtain;
    • Education information – information about current and/or previous education
    • Claims information - information about current and/or previous claims, including health data; and
    • Other Special Categories of Personal Information - Racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and/or data concerning an individual’s sex life or sexual orientation.
       
  • Credit and Anti-fraud Data
    Credit history and credit score, individual information about fraud convictions, allegations of crimes and sanctions details received from various anti-fraud and sanctions databases, or regulators or law enforcement agencies.

  • Marketing Data
    Whether or not an individual has consented to receive marketing from us and/or from third parties; interaction with our Sites, marketing communications, articles, and social media.

  • Event and Survey Information
    Information related to company-sponsored events that you have attended and product or service-related surveys you have completed.

  • Site-Related Information
    Information related to the operation of and use of a Site and information collected through cookie or other tracking technologies, which may include log-in credentials, IP addresses, domain names, browser versions and operating system, traffic data, the resources you access, and other Site-related information.

To learn more about each category of personal information we collect, the purpose for collection, the sources, and the parties to whom to disclose such personal information, please view this comprehensive chart.

SPECIAL CATEGORIES OF PERSONAL INFORMATION, INCLUDING CRIMINAL DATA

When we collect, use or disclose to third parties (such as insurers, intermediaries and reinsurers) Special Categories of personal information and criminal records data, we typically do so for reasons of substantial public interests, namely because it is necessary for the wide range of insurance-related activities that we undertake or because it is necessary for fraud prevention purposes.

Before you provide us with Special Categories of Personal Data and Criminal Records Data about a person other than yourself, you agree to notify such person of our use of their personal information and, if requested by us, to obtain their consent to our use of their Special Categories of personal information and Criminal Records Data (for example, by requiring the individual to sign a consent form).

HOW WE COLLECT PERSONAL INFORMATION

Information Provided by You, Your Representatives or Third Parties

We may collect information from you, your representatives, your employer, association, group or benefit program/plan sponsor, and/or third parties that have roles in delivering services to our clients. 

You might provide this information when you visit a Site; apply or request a quote for insurance coverage; enroll in an association, group, or employer benefits program; communicate with us or our service providers through email, chat and instant messenger; speak to a representative by phone or in a call center; enroll in events, or marketing or business development activities, or send mail to our office.  In addition, we may collect information from vetting and data validation agencies and other professional advisory service providers in connection with our marketing or business development activities. 

Third parties, including insurance companies, plan administrators and service providers, brokers or agents, credit agencies, financial institutions, and government agencies or persons acting on behalf of such parties may disclose personal information to us.  Your employer or program/plan sponsor or someone acting on their behalf, or claimants, may also provide us with information about you in connection with our services.

If you supply us with personal information about other people, you represent that you have the authority to provide this information on their behalf and have obtain their consent where necessary.  In these instances, you further represent that the individuals to whom this information relates have been informed of the information in this Privacy Notice and understand the reason(s) for obtaining the information, the manner in which this information will be used and disclosed, and have consented to such use and disclosure.

Collection by Automated Means

We use cookies on our company-branded websites. If available, Site users can opt-out of our use of certain cookies using our Cookie Management Tool linked at the bottom of the site. To find out more about how we use cookies, please see our Cookie Notice.

Collection by Third Parties

If you conduct a transaction through us, a third party (e.g., a service provider or insurer) may collect and process credit card or other personal information about you, including through the use of website cookies, in connection with such transaction. In those instances, we will identify the third party to you and we encourage you to read the third party’s privacy policy to learn more about how your information will be used and disclosed by them.

HOW WE USE THE PERSONAL INFORMATION WE COLLECT

We may use the personal information received from you or your broker, insurance carrier, employer or association, group or benefit program/plan sponsor to: 

  • Verify your identity;
  • Register and service your online account;
  • Communicate with you and conduct our business;
  • Process an insurance transaction, enrollment or service requested by you directly, or by a third party, including the following:
    • The procurement of insurance (new and renewals);
    • Insurance policy administration;
    • Claims processing;
    • Consulting and related risk control services; and/or
    • General risk modeling, benchmarking and/or other analytics services
  • Allow you to manage the services requested by you, or through a third party;
  • Market our services to you, including ours, those of our affiliates and those of third parties;
  • Analyze, administer, develop, personalize, and improve our products and services and evaluate the overall effectiveness of our marketing activities, Sites, and overall service;
  • Maintain network security and performance and protect against cyber-attacks;
  • Comply with and enforce applicable laws, industry standards, and our own policies;
  • Prevent and detect fraud and other legal or policy violations;
  • Perform benchmarking and analytics that support our client services;
  • De-identify information; and/or
  • As otherwise described to you at the point of collection, for our legitimate business purposes, or pursuant to your consent.

We may also process de-identified information that is not reasonably likely to identify you for commercially legitimate and lawful business purposes.  Where we have de-identified information, we will maintain and use it without attempting to re-identify the data other than as permitted under law.

LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

The legal basis for our ability to process your personal information depends on which Services we provide to you.  Please read our Purpose of Processing for complete details.  Note that we may process your personal information for more than one legal basis depending on the specific purpose for which we are using your data.

DISCLOSURE OF YOUR PERSONAL INFORMATION

We may need to disclose your personal information in order to deliver the insurance and consulting products or services requested by you or your employer, or association, group or benefit sponsor, and/or to administer our Sites.  We may disclose this information:  

  • to perform the services you request from us
    • We may disclose your personal information to insurers, and/or third-party agents/brokers in connection with providing insurance quotes, binding insurance coverage, administering claims and other services.
  • with your employer, association, group or benefit program sponsor (when applicable)
    • To assist in the administration of a group insurance program, insurance program-related personal information required for the administration and governance of the group program may be disclosed.
  • with affiliates
    • To enable them to provide services to you or contact you regarding additional products and services that you have expressed an interest in.
  • with agents or third-party service providers
    • We sometimes contract with other companies and individuals to perform functions or services for us or on our behalf. To perform these services, they may have access to personal information required to perform these services, but are contractually restricted from using it for purposes other than providing services for or on our behalf.
  • with marketing partners
    • This sharing may occur, to the extent permitted by law, if you have requested a quote or service from us through such partners
  • in the context of mergers, acquisitions, and asset sales
  • to address legal matters
    • We may preserve, and has the right to disclose, any information about you related to our rendered services or your use of this Site without your prior permission if we have a good faith belief that such action is necessary to: (a) protect and defend the legal rights, safety, and security of our company, our affiliates and business partners, and users of this site,  (b) enforce the Terms of Use of a Site; (c) respond to claims of suspected or actual illegal activity, (d) respond to an audit or investigate a complaint or security threat; or (e) comply with applicable law, regulation, legal process, or governmental requests.  

STEPS WE TAKE TO PROTECT YOUR INFORMATION

Our company has a dedicated Chief Information Security Officer (CISO) who is responsible for managing a Global Information Security team and a comprehensive cybersecurity program.  As part of such program, we have implemented commercially reasonable physical, administrative, and technical safeguards in an effort to protect your personal information from unauthorized access, use, alteration and deletion. These safeguards may vary depending on the sensitivity, format, location, amount, distribution and storage of the personal information, and include measures designed to keep personal information protected from unauthorized access. 

Our cybersecurity program has policies and procedures for risk assessments to identify and assess cyber risks, as well as technical controls and processes to detect, respond to and recover from cybersecurity events.  

As effective as our cybersecurity program is, no security system is impenetrable. We cannot guarantee the security of our systems, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet.  

YOUR DATA PROTECTION RIGHTS

Certain jurisdictions extend enhanced personal information rights to residents of or persons located in the jurisdiction.  You may have some or all of the following rights in relation to the personal information we collect about or from you, depending on the jurisdiction and our reason for processing your information:

  • Right of access (Right to know)
    You may ask us to confirm whether we are processing your personal information, the sources, categories of persons who have access to the information within our company, the retention period, and the specific pieces of personal information we have collected.    
  • Right to correct (Right to rectify)
    If the personal information we hold about you is inaccurate or incomplete, you may be entitled to request to have it corrected, taking into account the nature of the personal information and the purposes of the processing of your personal information.
  • Right to delete
    You may have a right in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable), to request that we delete or remove your personal information. 
  • Right to restrict/limit processing
    You may have a right to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us.  Please note that we process Sensitive Personal Information solely as necessary in performance of the Services, to ensure the security and integrity of the information, or as otherwise authorized under law or regulation.  Because we do not process your Sensitive Personal Information for other purposes, you may not have a right to limit our processing of such information.
  • Right to data portability
    You may have the right to receive a copy of personal information we've obtain from you, where technically feasible, in a structured, commonly used and machine-readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
  • Rights in relation to automated decision making and profiling
    We do not independently engage in the automated processing of Personal Information to profile or make predictions, recommendations or decisions that produce a legal or other significant effect on our clients.  Because we do not engage in such automated processing, we do not provide a mechanism for you to limit our processing of Personal Information in such a manner.  Decisions regarding insurance premiums, coverage limits and eligibility, however, may be determined by insurance carriers using automated means, including through one of our sites or applications interacting with such insurers’ systems.  In those instances, we encourage you to review the applicable insurers’ privacy notices to obtain additional information regarding their automated decision-making practices, as well as any right to opt out of such processing or challenge a prediction, recommendation or decision that has impacted you.
  • Right to withdraw consent
    If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you may have the right to withdraw that consent. If you withdraw your consent, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you.

In any case where we are acting as a service provider to a Client, if you or your authorized agent (together referred to hereinafter, where applicable, as “you”) wish to exercise any rights that may be available to you under law, you should direct your request to our Client, who is the party responsible for receiving, assessing, and responding to your requests.  If you wish to exercise any of the above rights, opt out of marketing communications or appeal a decision or denial we have made with respect to your personal information you may also contact us using one of the following options and, where applicable, we may forward your request to the applicable Client: 

  • In the US: Complete this Form or call 855-275-5436
  • Outside of the US: Send your request to privacypolicyinquiries@victorinsurance.com

For your protection, we will need to validate the identity of anyone making a request relating to your personal information.  We will respond to your request or forward your request to the appliable Client within a period of time required under law (generally within 30-45 days) unless it is reasonably necessary for us to extend our response time.

You may also have some or all of the following rights:

  • Right to lodge a complaint
    If you have a concern about any aspect of our privacy practices, including the way we've handled your personal information, you may report it to the relevant supervisory or regulatory authority.  You may contact us as provided at the bottom of this Privacy Notice if you would like to receive contact information for your local authority.

  • Right to Opt in or out of Sale or Sharing for Cross-Context Advertising
    If you visit one of our Sites, we may share your internet or other electronic network activity information for cross-context targeted advertising purposes utilizing advertising cookies.  Under some laws, this activity may be considered a sale of information.  As such, you may have the right to opt in or out of the sale of your personal information or the sharing of your personal information for cross context behavioral advertising or targeting purposes.  To opt in or out of our selling or sharing of your personal information on our websites or to view the names of specific third parties with whom we have sold or shared your information, please click on the “Manage Cookies” link at the bottom of our webpage, where you will find instructions on how to manage cookies and other online trackers that may collect and share personal information in a manner that could be considered a sale or sharing under applicable law. If you would like to opt out of the sale or sharing of your information, ensure the toggles for “Advertising” and “Analytics” trackers are set to “No.”

    You may also implement a browser setting or extension to communicate your selling and sharing preferences automatically to the websites you visit.  Our websites process such “opt out preference signals” in a frictionless manner.  The current “opt out preference signal” with a defined protocol for companies to follow if they receive the signal is called the Global Privacy Control (GPC). GPC is available for an increasing number of browsers and browser extensions, listed here. If you want to use GPC, you can download and enable it via a participating browser or browser extension. More information about downloading GPC is available here.
  • Direct Marketing and Do Not Track Signals
    You may have a right to request and obtain a notice once a year about the personal information we disclosed to other businesses for their own direct marketing purposes.  If applicable, such a notice will include a list of the categories of personal information that were disclosed (if any) and the names and addresses of all third parties with which the personal information was disclosed (if any).  The notice will cover the preceding calendar year.  You may contact us as provided at the bottom of this Privacy Notice if you would like to learn if this right applies to you and, if so, exercise that right.
  • Right to Non-Discrimination
    You may exercise your rights under law without discrimination.  For example, unless applicable law provides an exception, we will not:
    • Deny you goods or services;
    • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
    • Provide you a different level or quality of goods or services; or
    • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

We may offer you financial incentives to provide us with personal information that is reasonably related to the information’s value.  This could result in different prices, rates, or quality levels for our products or services.  Any financial incentive we offer will be described in written terms that explain the material aspects of the financial incentive program.  You must opt-in to any financial incentive program and may revoke your consent at any time.

Please note that some of these rights may be limited where we have an overriding legitimate interest or legal, regulatory or contractual obligation to continue to process the personal information, or where the personal information may be exempt from disclosure or erasure under to applicable law. 

These rights are in some circumstances limited by data protection legislation. 

CROSS-BORDER TRANSFERS

There are circumstances in which we will have to transfer your personal information out of the country, province or territory in which it was collected for the purposes of carrying out the services we provide to you. These countries, provinces or territories do not always afford an equivalent level of privacy protection and in such circumstances we take specific steps, in accordance with data protection law, to provide an adequate level of protection for personal information.  Where the need for such a transfer arises, we will take steps to ensure that there are appropriate safeguards in place to protect your personal information such as an impact assessment, adequacy decision by the appropriate supervisory authority, the use of approved binding corporate rules or standard contractual clauses, or your consent.  If you have questions regarding the specific mechanism under which your personal information is transferred to another country, if applicable, you may contact us at privacypolicyinquiries@victorinsurance.com or by contacting our privacy office using the contact details in the Questions or Concerns section below.   

For information regarding how our EU Binding Corporate Rules (EU BCRs) operate, click here.  For a list of entities that have agreed to be bound by the EU BCRs, click here.

For information regarding how our UK Binding Corporate Rules (UK BCRs) operate, click here.  For a list of entities that have agreed to be bound by the UK BCRs, click here

MARKETING

We may use your personal information to provide you with information about products or services that we think would be of interest to you.  We may also disclose your personal information with other companies in the Victor group so that they can provide you with information about their products and services.  These may be sent by email or post or, in some circumstances, we may telephone you to explain this information to you.   

We take care to ensure that our marketing activities comply with all applicable legal requirements. In some cases, this may mean that we ask for your consent in advance of us or our group companies sending you marketing materials. 

In all cases, you can opt out of receiving marketing communications at any time. You can do this by clicking on the "unsubscribe" link in any marketing email or by contacting us using the details set out at the end of this Privacy Notice.  

Please note that, even if you opt out of receiving marketing messages, we may still send you communications in connection with the services we provide to you.

RETENTION OF YOUR INFORMATION

Our products, services, and regulatory obligations are complex, and thus our retention periods for personal information vary.  We consider the following obligations when setting retention periods for personal information and the records we maintain: the need to retain information to accomplish the business purposes or contractual obligations for which it was collected; our duties to effectuate our clients’ instructions with respect to personal information we process on their behalf; our duties to comply with mandatory legal and regulatory record-keeping requirements; our backup and disaster recovery procedures; and other legal impacts such as applicable statute of limitations periods. We may also retain personal information for other purposes delineated in applicable privacy laws.  When we no longer need to retain Personal Information, our company policies require that we either de-identify or aggregate the information (in which case we may further retain and use the de-identified or aggregated information for analytics purposes) or securely destroy it.

OTHER INFORMATION YOU SHOULD KNOW

Calls and Text Messages

In some instances, your employer or association, group or benefit program sponsor may request services that require us to contact you via telephone calls or text.  By accepting the terms of this Privacy Notice and providing us with your contact information, you consent to receive automated calls and texts, as well as emails and/or standard mail, from us including but not limited to information regarding your policy, account, benefits, relationship with us, and other products or services offered through us and/or your employer or program sponsor. Consent is not a condition of any purchase or to obtain a quote.  Message and data rates may apply.  If you wish to withdraw your consent in the future, follow the prompts described in the call or text or contact us as described below. 

Minors

We do not knowingly collect personal information directly from children under 13.  If we learn that we have collected any personal information from a child under the age of 13 without verifiable parental consent, we will delete that information from our files as quickly as possible.  If you believe that we may have collected information from a child under 13, please contact us at the email address provided below.

If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”).  However, we never knowingly sell or share the personal information of minors under 16 years of age and would not do so in the future without affirmative authorization of the individual if between 13 to 16 years of age, or the parent or guardian of an individual less than 13 years of age.

External Links

Our Sites may include links to websites that are operated by third-party organizations.  If you access another organization’s website using a hyperlink on our Site, the other organization may collect information from you.  We are not responsible for the content or privacy practices of linked websites or their use of your information.  If you leave a Site via such a link (you can tell where you are by checking the URL in the location bar on your browser), you should refer to that websites' privacy policies, terms of use, and other notices to determine how they will handle any information they collect from you.

QUESTIONS OR CONCERNS

To submit questions or requests regarding this Privacy Notice or our privacy practices, please email us at privacypolicyinquiries@victorinsurance.com.  If you would prefer to contact us by post or by phone, please contact our privacy office using the following contact details: 

EU/UK
Data Protection Officer 
Victor Insurance Managers
Tower Place  
London 
EC3R 5BU 
Phone: +44 (0)207 357 1447   
Email: GDPRLegal@mmc.com

Outside of the EU/UK
Chief Privacy Officer
Victor Insurance Managers
1166 Avenue of the Americas
New York, NY 10036

If we are unable to resolve an enquiry or a complaint, individuals may have a right to contact the applicable supervisory or regulatory authority.  For more information about how to contact your supervisory or regulatory authority, please email us at privacypolicyinquiries@victorinsurance.com.